mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-06-19 17:32:41 +00:00
"-Synchronized-Data."
This commit is contained in:
parent
a7a2d4d036
commit
b5ca9b29e0
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-0888",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-0888",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "1489",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/1489"
|
||||
},
|
||||
{
|
||||
"name" : "16616",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/16616"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "1489",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "https://www.exploit-db.com/exploits/1489"
|
||||
},
|
||||
{
|
||||
"name": "16616",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/16616"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-0915",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-0915",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=313441",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=313441"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-0692",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/0692"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "ADV-2006-0692",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/0692"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=313441",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=313441"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-1150",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, automatically appends an _ (underscore) to the end of duplicate nicknames, which allows remote attackers to cause a denial of service (application crash) by creating multiple users with long, identical nicknames, which triggers an off-by-one error."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-1150",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://aluigi.altervista.org/adv/tegob1-adv.txt",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://aluigi.altervista.org/adv/tegob1-adv.txt"
|
||||
},
|
||||
{
|
||||
"name" : "16982",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/16982"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-0846",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/0846"
|
||||
},
|
||||
{
|
||||
"name" : "19134",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/19134"
|
||||
},
|
||||
{
|
||||
"name" : "teg-nickname-offbyone-dos(25165)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25165"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, automatically appends an _ (underscore) to the end of duplicate nicknames, which allows remote attackers to cause a denial of service (application crash) by creating multiple users with long, identical nicknames, which triggers an off-by-one error."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://aluigi.altervista.org/adv/tegob1-adv.txt",
|
||||
"refsource": "MISC",
|
||||
"url": "http://aluigi.altervista.org/adv/tegob1-adv.txt"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2006-0846",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/0846"
|
||||
},
|
||||
{
|
||||
"name": "teg-nickname-offbyone-dos(25165)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25165"
|
||||
},
|
||||
{
|
||||
"name": "19134",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/19134"
|
||||
},
|
||||
{
|
||||
"name": "16982",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/16982"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-1301",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"ID": "CVE-2006-1301",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "MS06-037",
|
||||
"refsource" : "MS",
|
||||
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
|
||||
},
|
||||
{
|
||||
"name" : "18853",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/18853"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-2755",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/2755"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:557",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A557"
|
||||
},
|
||||
{
|
||||
"name" : "1016472",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1016472"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "18853",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/18853"
|
||||
},
|
||||
{
|
||||
"name": "MS06-037",
|
||||
"refsource": "MS",
|
||||
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
|
||||
},
|
||||
{
|
||||
"name": "1016472",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1016472"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2006-2755",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/2755"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:557",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A557"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,122 +1,122 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-1313",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will \"release objects early\" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"ID": "CVE-2006-1313",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "MS06-023",
|
||||
"refsource" : "MS",
|
||||
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-023"
|
||||
},
|
||||
{
|
||||
"name" : "TA06-164A",
|
||||
"refsource" : "CERT",
|
||||
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
|
||||
},
|
||||
{
|
||||
"name" : "VU#390044",
|
||||
"refsource" : "CERT-VN",
|
||||
"url" : "http://www.kb.cert.org/vuls/id/390044"
|
||||
},
|
||||
{
|
||||
"name" : "18359",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/18359"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-2321",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/2321"
|
||||
},
|
||||
{
|
||||
"name" : "26434",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://www.osvdb.org/26434"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:1067",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1067"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:1644",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1644"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:1785",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1785"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:2003",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2003"
|
||||
},
|
||||
{
|
||||
"name" : "1016283",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1016283"
|
||||
},
|
||||
{
|
||||
"name" : "20620",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/20620"
|
||||
},
|
||||
{
|
||||
"name" : "ms-jscript-code-execution(26805)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26805"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will \"release objects early\" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:1785",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1785"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:1644",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1644"
|
||||
},
|
||||
{
|
||||
"name": "1016283",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1016283"
|
||||
},
|
||||
{
|
||||
"name": "ms-jscript-code-execution(26805)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26805"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2006-2321",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/2321"
|
||||
},
|
||||
{
|
||||
"name": "TA06-164A",
|
||||
"refsource": "CERT",
|
||||
"url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:1067",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1067"
|
||||
},
|
||||
{
|
||||
"name": "VU#390044",
|
||||
"refsource": "CERT-VN",
|
||||
"url": "http://www.kb.cert.org/vuls/id/390044"
|
||||
},
|
||||
{
|
||||
"name": "26434",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/26434"
|
||||
},
|
||||
{
|
||||
"name": "MS06-023",
|
||||
"refsource": "MS",
|
||||
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-023"
|
||||
},
|
||||
{
|
||||
"name": "18359",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/18359"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:2003",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2003"
|
||||
},
|
||||
{
|
||||
"name": "20620",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/20620"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,92 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-1533",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "SQL injection vulnerability in newsletter.php in Sourceworkshop newsletter 1.0 allows remote attackers to execute arbitrary SQL commands via the newsletteremail parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-1533",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20060407 [eVuln] newsletter - sourceworkshop SQL Injection Vulnerability",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/430375/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "http://evuln.com/vulns/107/summary.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://evuln.com/vulns/107/summary.html"
|
||||
},
|
||||
{
|
||||
"name" : "17304",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/17304"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-1148",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/1148"
|
||||
},
|
||||
{
|
||||
"name" : "24229",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://www.osvdb.org/24229"
|
||||
},
|
||||
{
|
||||
"name" : "19425",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/19425"
|
||||
},
|
||||
{
|
||||
"name" : "newsletter-script-sql-injection(25498)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25498"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "SQL injection vulnerability in newsletter.php in Sourceworkshop newsletter 1.0 allows remote attackers to execute arbitrary SQL commands via the newsletteremail parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "ADV-2006-1148",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/1148"
|
||||
},
|
||||
{
|
||||
"name": "newsletter-script-sql-injection(25498)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25498"
|
||||
},
|
||||
{
|
||||
"name": "17304",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/17304"
|
||||
},
|
||||
{
|
||||
"name": "24229",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/24229"
|
||||
},
|
||||
{
|
||||
"name": "20060407 [eVuln] newsletter - sourceworkshop SQL Injection Vulnerability",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/430375/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "19425",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/19425"
|
||||
},
|
||||
{
|
||||
"name": "http://evuln.com/vulns/107/summary.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://evuln.com/vulns/107/summary.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,92 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-1631",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service (device reload) via (1) \"valid, but obsolete\" or (2) \"specially crafted\" HTTP requests."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-1631",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20060405 Cisco 11500 Content Services Switch HTTP Request Vulnerability",
|
||||
"refsource" : "CISCO",
|
||||
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060405-css.shtml"
|
||||
},
|
||||
{
|
||||
"name" : "17383",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/17383"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-1257",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/1257"
|
||||
},
|
||||
{
|
||||
"name" : "24433",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://www.osvdb.org/24433"
|
||||
},
|
||||
{
|
||||
"name" : "1015870",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1015870"
|
||||
},
|
||||
{
|
||||
"name" : "19552",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/19552"
|
||||
},
|
||||
{
|
||||
"name" : "cisco-css-http-comp-dos(25642)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25642"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service (device reload) via (1) \"valid, but obsolete\" or (2) \"specially crafted\" HTTP requests."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "ADV-2006-1257",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/1257"
|
||||
},
|
||||
{
|
||||
"name": "1015870",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1015870"
|
||||
},
|
||||
{
|
||||
"name": "20060405 Cisco 11500 Content Services Switch HTTP Request Vulnerability",
|
||||
"refsource": "CISCO",
|
||||
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060405-css.shtml"
|
||||
},
|
||||
{
|
||||
"name": "cisco-css-http-comp-dos(25642)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25642"
|
||||
},
|
||||
{
|
||||
"name": "19552",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/19552"
|
||||
},
|
||||
{
|
||||
"name": "24433",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/24433"
|
||||
},
|
||||
{
|
||||
"name": "17383",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/17383"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,87 +1,87 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-1813",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-1813",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20060417 PhpWebFTP 3.2 Login Script",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/431115/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "17557",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/17557"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-1388",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/1388"
|
||||
},
|
||||
{
|
||||
"name" : "19706",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/19706"
|
||||
},
|
||||
{
|
||||
"name" : "723",
|
||||
"refsource" : "SREASON",
|
||||
"url" : "http://securityreason.com/securityalert/723"
|
||||
},
|
||||
{
|
||||
"name" : "phpwebftp-index-directory-traversal(25920)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25920"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "17557",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/17557"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2006-1388",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/1388"
|
||||
},
|
||||
{
|
||||
"name": "19706",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/19706"
|
||||
},
|
||||
{
|
||||
"name": "723",
|
||||
"refsource": "SREASON",
|
||||
"url": "http://securityreason.com/securityalert/723"
|
||||
},
|
||||
{
|
||||
"name": "20060417 PhpWebFTP 3.2 Login Script",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/431115/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "phpwebftp-index-directory-traversal(25920)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25920"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,77 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-5050",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded \"%2e%2e/\" sequences in the URI."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-5050",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20060916 Busy box httpd file traversal vulenrability",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/446228/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "20067",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/20067"
|
||||
},
|
||||
{
|
||||
"name" : "1016875",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1016875"
|
||||
},
|
||||
{
|
||||
"name" : "1636",
|
||||
"refsource" : "SREASON",
|
||||
"url" : "http://securityreason.com/securityalert/1636"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded \"%2e%2e/\" sequences in the URI."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "1016875",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1016875"
|
||||
},
|
||||
{
|
||||
"name": "1636",
|
||||
"refsource": "SREASON",
|
||||
"url": "http://securityreason.com/securityalert/1636"
|
||||
},
|
||||
{
|
||||
"name": "20060916 Busy box httpd file traversal vulenrability",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/446228/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "20067",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/20067"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,107 +1,107 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-5577",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka \"TIF Folder Information Disclosure Vulnerability,\" and a different issue than CVE-2006-5578."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"ID": "CVE-2006-5577",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "HPSBST02180",
|
||||
"refsource" : "HP",
|
||||
"url" : "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "SSRT061288",
|
||||
"refsource" : "HP",
|
||||
"url" : "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "MS06-072",
|
||||
"refsource" : "MS",
|
||||
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072"
|
||||
},
|
||||
{
|
||||
"name" : "TA06-346A",
|
||||
"refsource" : "CERT",
|
||||
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
|
||||
},
|
||||
{
|
||||
"name" : "21507",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/21507"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-4966",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/4966"
|
||||
},
|
||||
{
|
||||
"name" : "30816",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://www.osvdb.org/30816"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:313",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A313"
|
||||
},
|
||||
{
|
||||
"name" : "1017374",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1017374"
|
||||
},
|
||||
{
|
||||
"name" : "23288",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/23288"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka \"TIF Folder Information Disclosure Vulnerability,\" and a different issue than CVE-2006-5578."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "ADV-2006-4966",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/4966"
|
||||
},
|
||||
{
|
||||
"name": "23288",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/23288"
|
||||
},
|
||||
{
|
||||
"name": "TA06-346A",
|
||||
"refsource": "CERT",
|
||||
"url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
|
||||
},
|
||||
{
|
||||
"name": "1017374",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1017374"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:313",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A313"
|
||||
},
|
||||
{
|
||||
"name": "21507",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/21507"
|
||||
},
|
||||
{
|
||||
"name": "SSRT061288",
|
||||
"refsource": "HP",
|
||||
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
|
||||
},
|
||||
{
|
||||
"name": "HPSBST02180",
|
||||
"refsource": "HP",
|
||||
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
|
||||
},
|
||||
{
|
||||
"name": "MS06-072",
|
||||
"refsource": "MS",
|
||||
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072"
|
||||
},
|
||||
{
|
||||
"name": "30816",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/30816"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,97 +1,97 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-5702",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-5702",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20061101 tikiwiki 1.9.5 mysql password disclosure & xss",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/450268/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "GLSA-200611-11",
|
||||
"refsource" : "GENTOO",
|
||||
"url" : "http://security.gentoo.org/glsa/glsa-200611-11.xml"
|
||||
},
|
||||
{
|
||||
"name" : "20858",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/20858"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-4316",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/4316"
|
||||
},
|
||||
{
|
||||
"name" : "22678",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/22678"
|
||||
},
|
||||
{
|
||||
"name" : "23039",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/23039"
|
||||
},
|
||||
{
|
||||
"name" : "1816",
|
||||
"refsource" : "SREASON",
|
||||
"url" : "http://securityreason.com/securityalert/1816"
|
||||
},
|
||||
{
|
||||
"name" : "tikiwiki-password-info-disclosure(29960)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29960"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "ADV-2006-4316",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/4316"
|
||||
},
|
||||
{
|
||||
"name": "20061101 tikiwiki 1.9.5 mysql password disclosure & xss",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/450268/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "tikiwiki-password-info-disclosure(29960)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29960"
|
||||
},
|
||||
{
|
||||
"name": "22678",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/22678"
|
||||
},
|
||||
{
|
||||
"name": "23039",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/23039"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-200611-11",
|
||||
"refsource": "GENTOO",
|
||||
"url": "http://security.gentoo.org/glsa/glsa-200611-11.xml"
|
||||
},
|
||||
{
|
||||
"name": "1816",
|
||||
"refsource": "SREASON",
|
||||
"url": "http://securityreason.com/securityalert/1816"
|
||||
},
|
||||
{
|
||||
"name": "20858",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/20858"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,197 +1,197 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-5925",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2006-5925",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20061115 Links smbclient command execution",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/451870/100/200/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "20061115 Links smbclient command execution",
|
||||
"refsource" : "FULLDISC",
|
||||
"url" : "http://marc.info/?l=full-disclosure&m=116355556512780&w=2"
|
||||
},
|
||||
{
|
||||
"name" : "http://bugzilla.elinks.cz/show_bug.cgi?id=841",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://bugzilla.elinks.cz/show_bug.cgi?id=841"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-1228",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "http://www.debian.org/security/2006/dsa-1228"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-1226",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "https://www.debian.org/security/2006/dsa-1226"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-1240",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "http://www.debian.org/security/2006/dsa-1240"
|
||||
},
|
||||
{
|
||||
"name" : "GLSA-200612-16",
|
||||
"refsource" : "GENTOO",
|
||||
"url" : "http://security.gentoo.org/glsa/glsa-200612-16.xml"
|
||||
},
|
||||
{
|
||||
"name" : "GLSA-200701-27",
|
||||
"refsource" : "GENTOO",
|
||||
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200701-27.xml"
|
||||
},
|
||||
{
|
||||
"name" : "MDKSA-2006:216",
|
||||
"refsource" : "MANDRIVA",
|
||||
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:216"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2006:0742",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0742.html"
|
||||
},
|
||||
{
|
||||
"name" : "SUSE-SR:2006:027",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://www.novell.com/linux/security/advisories/2006_27_sr.html"
|
||||
},
|
||||
{
|
||||
"name" : "2007-0005",
|
||||
"refsource" : "TRUSTIX",
|
||||
"url" : "http://www.trustix.org/errata/2007/0005"
|
||||
},
|
||||
{
|
||||
"name" : "21082",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/21082"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:11213",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11213"
|
||||
},
|
||||
{
|
||||
"name" : "1017232",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1017232"
|
||||
},
|
||||
{
|
||||
"name" : "1017233",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1017233"
|
||||
},
|
||||
{
|
||||
"name" : "22905",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/22905"
|
||||
},
|
||||
{
|
||||
"name" : "22920",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/22920"
|
||||
},
|
||||
{
|
||||
"name" : "22923",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/22923"
|
||||
},
|
||||
{
|
||||
"name" : "23022",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/23022"
|
||||
},
|
||||
{
|
||||
"name" : "23132",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/23132"
|
||||
},
|
||||
{
|
||||
"name" : "23234",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/23234"
|
||||
},
|
||||
{
|
||||
"name" : "23188",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/23188"
|
||||
},
|
||||
{
|
||||
"name" : "23467",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/23467"
|
||||
},
|
||||
{
|
||||
"name" : "23389",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/23389"
|
||||
},
|
||||
{
|
||||
"name" : "24005",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/24005"
|
||||
},
|
||||
{
|
||||
"name" : "24054",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/24054"
|
||||
},
|
||||
{
|
||||
"name" : "links-smbclient-command-execution(30299)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30299"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "1017233",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1017233"
|
||||
},
|
||||
{
|
||||
"name": "22920",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/22920"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2006:0742",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2006-0742.html"
|
||||
},
|
||||
{
|
||||
"name": "22923",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/22923"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-200612-16",
|
||||
"refsource": "GENTOO",
|
||||
"url": "http://security.gentoo.org/glsa/glsa-200612-16.xml"
|
||||
},
|
||||
{
|
||||
"name": "22905",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/22905"
|
||||
},
|
||||
{
|
||||
"name": "2007-0005",
|
||||
"refsource": "TRUSTIX",
|
||||
"url": "http://www.trustix.org/errata/2007/0005"
|
||||
},
|
||||
{
|
||||
"name": "20061115 Links smbclient command execution",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/451870/100/200/threaded"
|
||||
},
|
||||
{
|
||||
"name": "23467",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/23467"
|
||||
},
|
||||
{
|
||||
"name": "24005",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/24005"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:11213",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11213"
|
||||
},
|
||||
{
|
||||
"name": "23188",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/23188"
|
||||
},
|
||||
{
|
||||
"name": "DSA-1240",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2006/dsa-1240"
|
||||
},
|
||||
{
|
||||
"name": "23234",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/23234"
|
||||
},
|
||||
{
|
||||
"name": "DSA-1228",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2006/dsa-1228"
|
||||
},
|
||||
{
|
||||
"name": "1017232",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1017232"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SR:2006:027",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://www.novell.com/linux/security/advisories/2006_27_sr.html"
|
||||
},
|
||||
{
|
||||
"name": "links-smbclient-command-execution(30299)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30299"
|
||||
},
|
||||
{
|
||||
"name": "24054",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/24054"
|
||||
},
|
||||
{
|
||||
"name": "23132",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/23132"
|
||||
},
|
||||
{
|
||||
"name": "21082",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/21082"
|
||||
},
|
||||
{
|
||||
"name": "20061115 Links smbclient command execution",
|
||||
"refsource": "FULLDISC",
|
||||
"url": "http://marc.info/?l=full-disclosure&m=116355556512780&w=2"
|
||||
},
|
||||
{
|
||||
"name": "DSA-1226",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "https://www.debian.org/security/2006/dsa-1226"
|
||||
},
|
||||
{
|
||||
"name": "MDKSA-2006:216",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:216"
|
||||
},
|
||||
{
|
||||
"name": "23389",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/23389"
|
||||
},
|
||||
{
|
||||
"name": "23022",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/23022"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-200701-27",
|
||||
"refsource": "GENTOO",
|
||||
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-27.xml"
|
||||
},
|
||||
{
|
||||
"name": "http://bugzilla.elinks.cz/show_bug.cgi?id=841",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://bugzilla.elinks.cz/show_bug.cgi?id=841"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,102 +1,102 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2007-2060",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2007-2060",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/"
|
||||
},
|
||||
{
|
||||
"name" : "https://addons.mozilla.org/en-US/firefox/addon/424",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://addons.mozilla.org/en-US/firefox/addon/424"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.kb.cert.org/vuls/id/MIMG-6ZKP4T",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.kb.cert.org/vuls/id/MIMG-6ZKP4T"
|
||||
},
|
||||
{
|
||||
"name" : "VU#319464",
|
||||
"refsource" : "CERT-VN",
|
||||
"url" : "http://www.kb.cert.org/vuls/id/319464"
|
||||
},
|
||||
{
|
||||
"name" : "23523",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/23523"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2007-1425",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2007/1425"
|
||||
},
|
||||
{
|
||||
"name" : "34534",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/34534"
|
||||
},
|
||||
{
|
||||
"name" : "24913",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/24913"
|
||||
},
|
||||
{
|
||||
"name" : "firefox-wizz-rssfeed-xss(33693)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33693"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "ADV-2007-1425",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2007/1425"
|
||||
},
|
||||
{
|
||||
"name": "23523",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/23523"
|
||||
},
|
||||
{
|
||||
"name": "http://www.kb.cert.org/vuls/id/MIMG-6ZKP4T",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.kb.cert.org/vuls/id/MIMG-6ZKP4T"
|
||||
},
|
||||
{
|
||||
"name": "24913",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/24913"
|
||||
},
|
||||
{
|
||||
"name": "VU#319464",
|
||||
"refsource": "CERT-VN",
|
||||
"url": "http://www.kb.cert.org/vuls/id/319464"
|
||||
},
|
||||
{
|
||||
"name": "34534",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/34534"
|
||||
},
|
||||
{
|
||||
"name": "https://addons.mozilla.org/en-US/firefox/addon/424",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://addons.mozilla.org/en-US/firefox/addon/424"
|
||||
},
|
||||
{
|
||||
"name": "firefox-wizz-rssfeed-xss(33693)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33693"
|
||||
},
|
||||
{
|
||||
"name": "http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/",
|
||||
"refsource": "MISC",
|
||||
"url": "http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,87 +1,87 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2007-2686",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2007-2686",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20070522 Jetbox CMS version 2.1 XSS Attack Vulnerability",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/469233/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "20070522 Jetbox CMS version 2.1 XSS Attack Vulnerability",
|
||||
"refsource" : "FULLDISC",
|
||||
"url" : "http://marc.info/?l=full-disclosure&m=117981938101135&w=2"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.netvigilance.com/advisory0029",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.netvigilance.com/advisory0029"
|
||||
},
|
||||
{
|
||||
"name" : "24095",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/24095"
|
||||
},
|
||||
{
|
||||
"name" : "34791",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://www.osvdb.org/34791"
|
||||
},
|
||||
{
|
||||
"name" : "jetbox-index-xss(34415)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34415"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://www.netvigilance.com/advisory0029",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.netvigilance.com/advisory0029"
|
||||
},
|
||||
{
|
||||
"name": "jetbox-index-xss(34415)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34415"
|
||||
},
|
||||
{
|
||||
"name": "34791",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/34791"
|
||||
},
|
||||
{
|
||||
"name": "20070522 Jetbox CMS version 2.1 XSS Attack Vulnerability",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/469233/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "24095",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/24095"
|
||||
},
|
||||
{
|
||||
"name": "20070522 Jetbox CMS version 2.1 XSS Attack Vulnerability",
|
||||
"refsource": "FULLDISC",
|
||||
"url": "http://marc.info/?l=full-disclosure&m=117981938101135&w=2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,77 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-0038",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "product-security@apple.com",
|
||||
"ID": "CVE-2010-0038",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://support.apple.com/kb/HT4013",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.apple.com/kb/HT4013"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2010-02-02-1",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html"
|
||||
},
|
||||
{
|
||||
"name" : "38040",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/38040"
|
||||
},
|
||||
{
|
||||
"name" : "62128",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/62128"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "62128",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/62128"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2010-02-02-1",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html"
|
||||
},
|
||||
{
|
||||
"name": "38040",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/38040"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT4013",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT4013"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,212 +1,212 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-0093",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert_us@oracle.com",
|
||||
"ID": "CVE-2010-0093",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://support.apple.com/kb/HT4170",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.apple.com/kb/HT4170"
|
||||
},
|
||||
{
|
||||
"name" : "http://support.apple.com/kb/HT4171",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.apple.com/kb/HT4171"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2010-05-18-1",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2010-05-18-2",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
|
||||
},
|
||||
{
|
||||
"name" : "HPSBMA02547",
|
||||
"refsource" : "HP",
|
||||
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
|
||||
},
|
||||
{
|
||||
"name" : "SSRT100179",
|
||||
"refsource" : "HP",
|
||||
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
|
||||
},
|
||||
{
|
||||
"name" : "HPSBMU02799",
|
||||
"refsource" : "HP",
|
||||
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
|
||||
},
|
||||
{
|
||||
"name" : "HPSBUX02524",
|
||||
"refsource" : "HP",
|
||||
"url" : "http://marc.info/?l=bugtraq&m=127557596201693&w=2"
|
||||
},
|
||||
{
|
||||
"name" : "SSRT100089",
|
||||
"refsource" : "HP",
|
||||
"url" : "http://marc.info/?l=bugtraq&m=127557596201693&w=2"
|
||||
},
|
||||
{
|
||||
"name" : "MDVSA-2010:084",
|
||||
"refsource" : "MANDRIVA",
|
||||
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2010:0337",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0337.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2010:0338",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0338.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2010:0339",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0339.html"
|
||||
},
|
||||
{
|
||||
"name" : "SUSE-SR:2010:008",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
|
||||
},
|
||||
{
|
||||
"name" : "SUSE-SR:2010:011",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
|
||||
},
|
||||
{
|
||||
"name" : "USN-923-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "http://ubuntu.com/usn/usn-923-1"
|
||||
},
|
||||
{
|
||||
"name" : "63485",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/63485"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:9877",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9877"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:14288",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14288"
|
||||
},
|
||||
{
|
||||
"name" : "39292",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/39292"
|
||||
},
|
||||
{
|
||||
"name" : "39317",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/39317"
|
||||
},
|
||||
{
|
||||
"name" : "39819",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/39819"
|
||||
},
|
||||
{
|
||||
"name" : "40545",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/40545"
|
||||
},
|
||||
{
|
||||
"name" : "43308",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/43308"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2010-1107",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2010/1107"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2010-1191",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2010/1191"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2010-1793",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2010/1793"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "APPLE-SA-2010-05-18-1",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
|
||||
},
|
||||
{
|
||||
"name": "HPSBMU02799",
|
||||
"refsource": "HP",
|
||||
"url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
|
||||
},
|
||||
{
|
||||
"name": "39317",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/39317"
|
||||
},
|
||||
{
|
||||
"name": "40545",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/40545"
|
||||
},
|
||||
{
|
||||
"name": "39819",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/39819"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-1107",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/1107"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2010:0338",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-1793",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/1793"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2010-05-18-2",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SR:2010:011",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
|
||||
},
|
||||
{
|
||||
"name": "43308",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/43308"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:9877",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9877"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:14288",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14288"
|
||||
},
|
||||
{
|
||||
"name": "SSRT100179",
|
||||
"refsource": "HP",
|
||||
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
|
||||
},
|
||||
{
|
||||
"name": "SSRT100089",
|
||||
"refsource": "HP",
|
||||
"url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2"
|
||||
},
|
||||
{
|
||||
"name": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2010:0339",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html"
|
||||
},
|
||||
{
|
||||
"name": "HPSBUX02524",
|
||||
"refsource": "HP",
|
||||
"url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2"
|
||||
},
|
||||
{
|
||||
"name": "39292",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/39292"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT4170",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT4170"
|
||||
},
|
||||
{
|
||||
"name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SR:2010:008",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
|
||||
},
|
||||
{
|
||||
"name": "USN-923-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://ubuntu.com/usn/usn-923-1"
|
||||
},
|
||||
{
|
||||
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2010:0337",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html"
|
||||
},
|
||||
{
|
||||
"name": "63485",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/63485"
|
||||
},
|
||||
{
|
||||
"name": "HPSBMA02547",
|
||||
"refsource": "HP",
|
||||
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT4171",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT4171"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2010:084",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
|
||||
},
|
||||
{
|
||||
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-1191",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/1191"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-0450",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote authenticated users to gain privileges via unknown vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "hp-security-alert@hp.com",
|
||||
"ID": "CVE-2010-0450",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "HPSBMA02490",
|
||||
"refsource" : "HP",
|
||||
"url" : "http://marc.info/?l=bugtraq&m=126996774125378&w=2"
|
||||
},
|
||||
{
|
||||
"name" : "SSRT090222",
|
||||
"refsource" : "HP",
|
||||
"url" : "http://marc.info/?l=bugtraq&m=126996774125378&w=2"
|
||||
},
|
||||
{
|
||||
"name" : "39061",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/39061"
|
||||
},
|
||||
{
|
||||
"name" : "1023765",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id?1023765"
|
||||
},
|
||||
{
|
||||
"name" : "39187",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/39187"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote authenticated users to gain privileges via unknown vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "HPSBMA02490",
|
||||
"refsource": "HP",
|
||||
"url": "http://marc.info/?l=bugtraq&m=126996774125378&w=2"
|
||||
},
|
||||
{
|
||||
"name": "1023765",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id?1023765"
|
||||
},
|
||||
{
|
||||
"name": "SSRT090222",
|
||||
"refsource": "HP",
|
||||
"url": "http://marc.info/?l=bugtraq&m=126996774125378&w=2"
|
||||
},
|
||||
{
|
||||
"name": "39187",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/39187"
|
||||
},
|
||||
{
|
||||
"name": "39061",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/39061"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,87 +1,87 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-0654",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2010-0654",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://code.google.com/p/chromium/issues/detail?id=9877",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://code.google.com/p/chromium/issues/detail?id=9877"
|
||||
},
|
||||
{
|
||||
"name" : "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://websec.sv.cmu.edu/css/css.pdf",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://websec.sv.cmu.edu/css/css.pdf"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-46.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-46.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=524223",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=524223"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:11811",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11811"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html"
|
||||
},
|
||||
{
|
||||
"name": "http://websec.sv.cmu.edu/css/css.pdf",
|
||||
"refsource": "MISC",
|
||||
"url": "http://websec.sv.cmu.edu/css/css.pdf"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:11811",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11811"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=524223",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=524223"
|
||||
},
|
||||
{
|
||||
"name": "http://code.google.com/p/chromium/issues/detail?id=9877",
|
||||
"refsource": "MISC",
|
||||
"url": "http://code.google.com/p/chromium/issues/detail?id=9877"
|
||||
},
|
||||
{
|
||||
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-46.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-46.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,97 +1,97 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-0961",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2010-0961",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://aix.software.ibm.com/aix/efixes/security/qoslist_advisory.asc",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://aix.software.ibm.com/aix/efixes/security/qoslist_advisory.asc"
|
||||
},
|
||||
{
|
||||
"name" : "IZ68194",
|
||||
"refsource" : "AIXAPAR",
|
||||
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ68194"
|
||||
},
|
||||
{
|
||||
"name" : "IZ71554",
|
||||
"refsource" : "AIXAPAR",
|
||||
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ71554"
|
||||
},
|
||||
{
|
||||
"name" : "IZ71590",
|
||||
"refsource" : "AIXAPAR",
|
||||
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ71590"
|
||||
},
|
||||
{
|
||||
"name" : "IZ71869",
|
||||
"refsource" : "AIXAPAR",
|
||||
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ71869"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:12051",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12051"
|
||||
},
|
||||
{
|
||||
"name" : "1023694",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1023694"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2010-0556",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2010/0556"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://aix.software.ibm.com/aix/efixes/security/qoslist_advisory.asc",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://aix.software.ibm.com/aix/efixes/security/qoslist_advisory.asc"
|
||||
},
|
||||
{
|
||||
"name": "1023694",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1023694"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-0556",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/0556"
|
||||
},
|
||||
{
|
||||
"name": "IZ71590",
|
||||
"refsource": "AIXAPAR",
|
||||
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71590"
|
||||
},
|
||||
{
|
||||
"name": "IZ71554",
|
||||
"refsource": "AIXAPAR",
|
||||
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71554"
|
||||
},
|
||||
{
|
||||
"name": "IZ68194",
|
||||
"refsource": "AIXAPAR",
|
||||
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ68194"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:12051",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12051"
|
||||
},
|
||||
{
|
||||
"name": "IZ71869",
|
||||
"refsource": "AIXAPAR",
|
||||
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71869"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-1267",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the com parameter to (1) cContactus.php, (2) cGuestbook.php, and (3) cArticle.php."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2010-1267",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://inj3ct0r.com/exploits/11394",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://inj3ct0r.com/exploits/11394"
|
||||
},
|
||||
{
|
||||
"name" : "http://packetstormsecurity.org/1003-exploits/webmaid-rfilfi.txt",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://packetstormsecurity.org/1003-exploits/webmaid-rfilfi.txt"
|
||||
},
|
||||
{
|
||||
"name" : "11831",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "http://www.exploit-db.com/exploits/11831"
|
||||
},
|
||||
{
|
||||
"name" : "38993",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/38993"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2010-0674",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2010/0674"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the com parameter to (1) cContactus.php, (2) cGuestbook.php, and (3) cArticle.php."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "ADV-2010-0674",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/0674"
|
||||
},
|
||||
{
|
||||
"name": "11831",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "http://www.exploit-db.com/exploits/11831"
|
||||
},
|
||||
{
|
||||
"name": "38993",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/38993"
|
||||
},
|
||||
{
|
||||
"name": "http://inj3ct0r.com/exploits/11394",
|
||||
"refsource": "MISC",
|
||||
"url": "http://inj3ct0r.com/exploits/11394"
|
||||
},
|
||||
{
|
||||
"name": "http://packetstormsecurity.org/1003-exploits/webmaid-rfilfi.txt",
|
||||
"refsource": "MISC",
|
||||
"url": "http://packetstormsecurity.org/1003-exploits/webmaid-rfilfi.txt"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,182 +1,182 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-1408",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to \"non-default TCP ports\" via a crafted port number, related to an \"integer truncation issue.\" NOTE: this may overlap CVE-2010-1099."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "product-security@apple.com",
|
||||
"ID": "CVE-2010-1408",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://support.apple.com/kb/HT4196",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.apple.com/kb/HT4196"
|
||||
},
|
||||
{
|
||||
"name" : "http://support.apple.com/kb/HT4220",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.apple.com/kb/HT4220"
|
||||
},
|
||||
{
|
||||
"name" : "http://support.apple.com/kb/HT4225",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.apple.com/kb/HT4225"
|
||||
},
|
||||
{
|
||||
"name" : "http://support.apple.com/kb/HT4456",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.apple.com/kb/HT4456"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2010-06-07-1",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2010-06-16-1",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2010-06-21-1",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2010-11-22-1",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
|
||||
},
|
||||
{
|
||||
"name" : "MDVSA-2011:039",
|
||||
"refsource" : "MANDRIVA",
|
||||
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
|
||||
},
|
||||
{
|
||||
"name" : "SUSE-SR:2011:002",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
|
||||
},
|
||||
{
|
||||
"name" : "USN-1006-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "http://www.ubuntu.com/usn/USN-1006-1"
|
||||
},
|
||||
{
|
||||
"name" : "40620",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/40620"
|
||||
},
|
||||
{
|
||||
"name" : "40697",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/40697"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:7295",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7295"
|
||||
},
|
||||
{
|
||||
"name" : "1024067",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1024067"
|
||||
},
|
||||
{
|
||||
"name" : "40105",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/40105"
|
||||
},
|
||||
{
|
||||
"name" : "40196",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/40196"
|
||||
},
|
||||
{
|
||||
"name" : "41856",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/41856"
|
||||
},
|
||||
{
|
||||
"name" : "42314",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/42314"
|
||||
},
|
||||
{
|
||||
"name" : "43068",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/43068"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2010-1373",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2010/1373"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2010-1512",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2010/1512"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2010-2722",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2010/2722"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2011-0212",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2011/0212"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2011-0552",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2011/0552"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to \"non-default TCP ports\" via a crafted port number, related to an \"integer truncation issue.\" NOTE: this may overlap CVE-2010-1099."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "MDVSA-2011:039",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT4220",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT4220"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-2722",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/2722"
|
||||
},
|
||||
{
|
||||
"name": "43068",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/43068"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:7295",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7295"
|
||||
},
|
||||
{
|
||||
"name": "USN-1006-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-1006-1"
|
||||
},
|
||||
{
|
||||
"name": "41856",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/41856"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2011-0212",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0212"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT4225",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT4225"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2010-06-07-1",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"
|
||||
},
|
||||
{
|
||||
"name": "40697",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/40697"
|
||||
},
|
||||
{
|
||||
"name": "40196",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/40196"
|
||||
},
|
||||
{
|
||||
"name": "40105",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/40105"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-1373",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/1373"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2010-06-16-1",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SR:2011:002",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
|
||||
},
|
||||
{
|
||||
"name": "42314",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/42314"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-1512",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/1512"
|
||||
},
|
||||
{
|
||||
"name": "40620",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/40620"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2011-0552",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0552"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT4456",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT4456"
|
||||
},
|
||||
{
|
||||
"name": "1024067",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1024067"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT4196",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT4196"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2010-06-21-1",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2010-11-22-1",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-1653",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2010-1653",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://packetstormsecurity.org/1004-exploits/joomlagraphics-lfi.txt",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://packetstormsecurity.org/1004-exploits/joomlagraphics-lfi.txt"
|
||||
},
|
||||
{
|
||||
"name" : "12430",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "http://www.exploit-db.com/exploits/12430"
|
||||
},
|
||||
{
|
||||
"name" : "39743",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/39743"
|
||||
},
|
||||
{
|
||||
"name" : "39585",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/39585"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2010-1004",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2010/1004"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "39743",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/39743"
|
||||
},
|
||||
{
|
||||
"name": "http://packetstormsecurity.org/1004-exploits/joomlagraphics-lfi.txt",
|
||||
"refsource": "MISC",
|
||||
"url": "http://packetstormsecurity.org/1004-exploits/joomlagraphics-lfi.txt"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-1004",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/1004"
|
||||
},
|
||||
{
|
||||
"name": "12430",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "http://www.exploit-db.com/exploits/12430"
|
||||
},
|
||||
{
|
||||
"name": "39585",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/39585"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,167 +1,167 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-1797",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "product-security@apple.com",
|
||||
"ID": "CVE-2010-1797",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://support.apple.com/kb/HT4291",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.apple.com/kb/HT4291"
|
||||
},
|
||||
{
|
||||
"name" : "http://support.apple.com/kb/HT4292",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.apple.com/kb/HT4292"
|
||||
},
|
||||
{
|
||||
"name" : "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2"
|
||||
},
|
||||
{
|
||||
"name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50"
|
||||
},
|
||||
{
|
||||
"name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc"
|
||||
},
|
||||
{
|
||||
"name" : "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view"
|
||||
},
|
||||
{
|
||||
"name" : "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019"
|
||||
},
|
||||
{
|
||||
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=621144",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=621144"
|
||||
},
|
||||
{
|
||||
"name" : "14538",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "http://www.exploit-db.com/exploits/14538"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.f-secure.com/weblog/archives/00002002.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.f-secure.com/weblog/archives/00002002.html"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2010-08-11-1",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2010-08-11-2",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html"
|
||||
},
|
||||
{
|
||||
"name" : "USN-972-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "http://www.ubuntu.com/usn/USN-972-1"
|
||||
},
|
||||
{
|
||||
"name" : "42151",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/42151"
|
||||
},
|
||||
{
|
||||
"name" : "66828",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/66828"
|
||||
},
|
||||
{
|
||||
"name" : "40807",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/40807"
|
||||
},
|
||||
{
|
||||
"name" : "40816",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/40816"
|
||||
},
|
||||
{
|
||||
"name" : "40982",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/40982"
|
||||
},
|
||||
{
|
||||
"name" : "48951",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/48951"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2010-2018",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2010/2018"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2010-2106",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2010/2106"
|
||||
},
|
||||
{
|
||||
"name" : "appleios-pdf-code-execution(60856)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60856"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=621144",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=621144"
|
||||
},
|
||||
{
|
||||
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc"
|
||||
},
|
||||
{
|
||||
"name": "14538",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "http://www.exploit-db.com/exploits/14538"
|
||||
},
|
||||
{
|
||||
"name": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-2018",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/2018"
|
||||
},
|
||||
{
|
||||
"name": "66828",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/66828"
|
||||
},
|
||||
{
|
||||
"name": "http://www.f-secure.com/weblog/archives/00002002.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.f-secure.com/weblog/archives/00002002.html"
|
||||
},
|
||||
{
|
||||
"name": "USN-972-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-972-1"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2010-08-11-2",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html"
|
||||
},
|
||||
{
|
||||
"name": "40816",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/40816"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT4292",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT4292"
|
||||
},
|
||||
{
|
||||
"name": "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2"
|
||||
},
|
||||
{
|
||||
"name": "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view"
|
||||
},
|
||||
{
|
||||
"name": "42151",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/42151"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT4291",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT4291"
|
||||
},
|
||||
{
|
||||
"name": "40982",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/40982"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-2106",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/2106"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2010-08-11-1",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html"
|
||||
},
|
||||
{
|
||||
"name": "48951",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/48951"
|
||||
},
|
||||
{
|
||||
"name": "appleios-pdf-code-execution(60856)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60856"
|
||||
},
|
||||
{
|
||||
"name": "40807",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/40807"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-1968",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1971."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "hp-security-alert@hp.com",
|
||||
"ID": "CVE-2010-1968",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "HPSBMA02550",
|
||||
"refsource" : "HP",
|
||||
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282377"
|
||||
},
|
||||
{
|
||||
"name" : "SSRT100170",
|
||||
"refsource" : "HP",
|
||||
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282377"
|
||||
},
|
||||
{
|
||||
"name" : "1024185",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1024185"
|
||||
},
|
||||
{
|
||||
"name" : "40544",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/40544"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2010-1792",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2010/1792"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1971."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "ADV-2010-1792",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/1792"
|
||||
},
|
||||
{
|
||||
"name": "1024185",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1024185"
|
||||
},
|
||||
{
|
||||
"name": "40544",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/40544"
|
||||
},
|
||||
{
|
||||
"name": "SSRT100170",
|
||||
"refsource": "HP",
|
||||
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282377"
|
||||
},
|
||||
{
|
||||
"name": "HPSBMA02550",
|
||||
"refsource": "HP",
|
||||
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282377"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,92 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-3351",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "startBristol in Bristol 0.60.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2010-3351",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598285",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598285"
|
||||
},
|
||||
{
|
||||
"name" : "FEDORA-2010-16676",
|
||||
"refsource" : "FEDORA",
|
||||
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050787.html"
|
||||
},
|
||||
{
|
||||
"name" : "FEDORA-2010-16687",
|
||||
"refsource" : "FEDORA",
|
||||
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050805.html"
|
||||
},
|
||||
{
|
||||
"name" : "FEDORA-2010-16714",
|
||||
"refsource" : "FEDORA",
|
||||
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050784.html"
|
||||
},
|
||||
{
|
||||
"name" : "44335",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/44335"
|
||||
},
|
||||
{
|
||||
"name" : "42272",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/42272"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2010-2972",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2010/2972"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "startBristol in Bristol 0.60.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598285",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598285"
|
||||
},
|
||||
{
|
||||
"name": "42272",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/42272"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2010-16714",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050784.html"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2010-16687",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050805.html"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2010-16676",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050787.html"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-2972",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/2972"
|
||||
},
|
||||
{
|
||||
"name": "44335",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/44335"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,92 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-3481",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details are obtained from third party information. NOTE: the password vector might not be vulnerable."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2010-3481",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "15011",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "http://www.exploit-db.com/exploits/15011"
|
||||
},
|
||||
{
|
||||
"name" : "20100922 MOAUB #15 - PHP MicroCMS 1.0.1",
|
||||
"refsource" : "VIM",
|
||||
"url" : "http://www.attrition.org/pipermail/vim/2010-September/002439.html"
|
||||
},
|
||||
{
|
||||
"name" : "43232",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/43232"
|
||||
},
|
||||
{
|
||||
"name" : "68073",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/68073"
|
||||
},
|
||||
{
|
||||
"name" : "41455",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/41455"
|
||||
},
|
||||
{
|
||||
"name" : "41492",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/41492"
|
||||
},
|
||||
{
|
||||
"name" : "phpmicrocms-login-sql-injection(61810)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61810"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details are obtained from third party information. NOTE: the password vector might not be vulnerable."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "41492",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/41492"
|
||||
},
|
||||
{
|
||||
"name": "phpmicrocms-login-sql-injection(61810)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61810"
|
||||
},
|
||||
{
|
||||
"name": "43232",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/43232"
|
||||
},
|
||||
{
|
||||
"name": "68073",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/68073"
|
||||
},
|
||||
{
|
||||
"name": "15011",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "http://www.exploit-db.com/exploits/15011"
|
||||
},
|
||||
{
|
||||
"name": "20100922 MOAUB #15 - PHP MicroCMS 1.0.1",
|
||||
"refsource": "VIM",
|
||||
"url": "http://www.attrition.org/pipermail/vim/2010-September/002439.html"
|
||||
},
|
||||
{
|
||||
"name": "41455",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/41455"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,92 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-4427",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.0, 10.1.3.4.1, and 11.1.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Web Server."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert_us@oracle.com",
|
||||
"ID": "CVE-2010-4427",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
|
||||
},
|
||||
{
|
||||
"name" : "45900",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/45900"
|
||||
},
|
||||
{
|
||||
"name" : "70561",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/70561"
|
||||
},
|
||||
{
|
||||
"name" : "1024981",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id?1024981"
|
||||
},
|
||||
{
|
||||
"name" : "42977",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/42977"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2011-0143",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2011/0143"
|
||||
},
|
||||
{
|
||||
"name" : "oracle-bipublisher-unauth-access(64777)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64777"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.0, 10.1.3.4.1, and 11.1.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Web Server."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "ADV-2011-0143",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0143"
|
||||
},
|
||||
{
|
||||
"name": "42977",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/42977"
|
||||
},
|
||||
{
|
||||
"name": "1024981",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id?1024981"
|
||||
},
|
||||
{
|
||||
"name": "oracle-bipublisher-unauth-access(64777)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64777"
|
||||
},
|
||||
{
|
||||
"name": "45900",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/45900"
|
||||
},
|
||||
{
|
||||
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
|
||||
},
|
||||
{
|
||||
"name": "70561",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/70561"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,92 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-4461",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #23, 9.0 Bundle #14, and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to ePerformance."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert_us@oracle.com",
|
||||
"ID": "CVE-2010-4461",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
|
||||
},
|
||||
{
|
||||
"name" : "45857",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/45857"
|
||||
},
|
||||
{
|
||||
"name" : "70591",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/70591"
|
||||
},
|
||||
{
|
||||
"name" : "1024978",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id?1024978"
|
||||
},
|
||||
{
|
||||
"name" : "42982",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/42982"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2011-0147",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2011/0147"
|
||||
},
|
||||
{
|
||||
"name" : "peoplesoft-eperformance-unauth-access(64790)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64790"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #23, 9.0 Bundle #14, and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to ePerformance."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "ADV-2011-0147",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0147"
|
||||
},
|
||||
{
|
||||
"name": "70591",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/70591"
|
||||
},
|
||||
{
|
||||
"name": "peoplesoft-eperformance-unauth-access(64790)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64790"
|
||||
},
|
||||
{
|
||||
"name": "1024978",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id?1024978"
|
||||
},
|
||||
{
|
||||
"name": "45857",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/45857"
|
||||
},
|
||||
{
|
||||
"name": "42982",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/42982"
|
||||
},
|
||||
{
|
||||
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,102 +1,102 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-0547",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@adobe.com",
|
||||
"ID": "CVE-2014-0547",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html"
|
||||
},
|
||||
{
|
||||
"name" : "GLSA-201409-05",
|
||||
"refsource" : "GENTOO",
|
||||
"url" : "http://security.gentoo.org/glsa/glsa-201409-05.xml"
|
||||
},
|
||||
{
|
||||
"name" : "SUSE-SU-2014:1124",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html"
|
||||
},
|
||||
{
|
||||
"name" : "openSUSE-SU-2014:1110",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.html"
|
||||
},
|
||||
{
|
||||
"name" : "openSUSE-SU-2014:1130",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html"
|
||||
},
|
||||
{
|
||||
"name" : "69695",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/69695"
|
||||
},
|
||||
{
|
||||
"name" : "1030822",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1030822"
|
||||
},
|
||||
{
|
||||
"name" : "61089",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/61089"
|
||||
},
|
||||
{
|
||||
"name" : "adobe-flash-cve20140547-code-exec(95817)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95817"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "adobe-flash-cve20140547-code-exec(95817)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95817"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-201409-05",
|
||||
"refsource": "GENTOO",
|
||||
"url": "http://security.gentoo.org/glsa/glsa-201409-05.xml"
|
||||
},
|
||||
{
|
||||
"name": "61089",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/61089"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2014:1130",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2014:1110",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.html"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SU-2014:1124",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html"
|
||||
},
|
||||
{
|
||||
"name": "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html"
|
||||
},
|
||||
{
|
||||
"name": "1030822",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1030822"
|
||||
},
|
||||
{
|
||||
"name": "69695",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/69695"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-0701",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@cisco.com",
|
||||
"ID": "CVE-2014-0701",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
|
||||
"refsource" : "CISCO",
|
||||
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
|
||||
"refsource": "CISCO",
|
||||
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,68 +1,68 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "product-security@qualcomm.com",
|
||||
"DATE_PUBLIC" : "2018-04-02T00:00:00",
|
||||
"ID" : "CVE-2014-10051",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Snapdragon Mobile, Snapdragon Wear",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SDX20"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "Qualcomm, Inc."
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SDX20, after loading a dynamically loaded code section, I-Cache is not invalidated, which could lead to executing code from stale cache lines."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cache side-channel vulnerability in Core"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "product-security@qualcomm.com",
|
||||
"DATE_PUBLIC": "2018-04-02T00:00:00",
|
||||
"ID": "CVE-2014-10051",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Snapdragon Mobile, Snapdragon Wear",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SDX20"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Qualcomm, Inc."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://source.android.com/security/bulletin/2018-04-01",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://source.android.com/security/bulletin/2018-04-01"
|
||||
},
|
||||
{
|
||||
"name" : "103671",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/103671"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SDX20, after loading a dynamically loaded code section, I-Cache is not invalidated, which could lead to executing code from stale cache lines."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cache side-channel vulnerability in Core"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://source.android.com/security/bulletin/2018-04-01",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://source.android.com/security/bulletin/2018-04-01"
|
||||
},
|
||||
{
|
||||
"name": "103671",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/103671"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-4116",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka \"SharePoint Elevation of Privilege Vulnerability.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"ID": "CVE-2014-4116",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "MS14-073",
|
||||
"refsource" : "MS",
|
||||
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-073"
|
||||
},
|
||||
{
|
||||
"name" : "1031192",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1031192"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka \"SharePoint Elevation of Privilege Vulnerability.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "MS14-073",
|
||||
"refsource": "MS",
|
||||
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-073"
|
||||
},
|
||||
{
|
||||
"name": "1031192",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1031192"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-4724",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in the Custom Banners plugin 1.2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_banners_registered_name parameter to wp-admin/options.php."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2014-4724",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://packetstormsecurity.com/files/127291/WordPress-Custom-Banners-1.2.2.2-Cross-Site-Scripting.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://packetstormsecurity.com/files/127291/WordPress-Custom-Banners-1.2.2.2-Cross-Site-Scripting.html"
|
||||
},
|
||||
{
|
||||
"name" : "68279",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/68279"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in the Custom Banners plugin 1.2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_banners_registered_name parameter to wp-admin/options.php."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "68279",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/68279"
|
||||
},
|
||||
{
|
||||
"name": "http://packetstormsecurity.com/files/127291/WordPress-Custom-Banners-1.2.2.2-Cross-Site-Scripting.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://packetstormsecurity.com/files/127291/WordPress-Custom-Banners-1.2.2.2-Cross-Site-Scripting.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-8207",
|
||||
"STATE" : "REJECT"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2014-8207",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "REJECT"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-8846",
|
||||
"STATE" : "REJECT"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2014-8846",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "REJECT"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,92 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-9449",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2014-9449",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://dev.exiv2.org/issues/960",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://dev.exiv2.org/issues/960"
|
||||
},
|
||||
{
|
||||
"name" : "http://dev.exiv2.org/projects/exiv2/repository/diff?rev=3264&rev_to=3263",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://dev.exiv2.org/projects/exiv2/repository/diff?rev=3264&rev_to=3263"
|
||||
},
|
||||
{
|
||||
"name" : "FEDORA-2015-0301",
|
||||
"refsource" : "FEDORA",
|
||||
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148382.html"
|
||||
},
|
||||
{
|
||||
"name" : "GLSA-201507-03",
|
||||
"refsource" : "GENTOO",
|
||||
"url" : "https://security.gentoo.org/glsa/201507-03"
|
||||
},
|
||||
{
|
||||
"name" : "USN-2454-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "http://www.ubuntu.com/usn/USN-2454-1"
|
||||
},
|
||||
{
|
||||
"name" : "71912",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/71912"
|
||||
},
|
||||
{
|
||||
"name" : "61801",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/61801"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "USN-2454-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-2454-1"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2015-0301",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148382.html"
|
||||
},
|
||||
{
|
||||
"name": "http://dev.exiv2.org/issues/960",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://dev.exiv2.org/issues/960"
|
||||
},
|
||||
{
|
||||
"name": "61801",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/61801"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-201507-03",
|
||||
"refsource": "GENTOO",
|
||||
"url": "https://security.gentoo.org/glsa/201507-03"
|
||||
},
|
||||
{
|
||||
"name": "71912",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/71912"
|
||||
},
|
||||
{
|
||||
"name": "http://dev.exiv2.org/projects/exiv2/repository/diff?rev=3264&rev_to=3263",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://dev.exiv2.org/projects/exiv2/repository/diff?rev=3264&rev_to=3263"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-9517",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2014-9517",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20141219 BF and XSS vulnerabilities in D-Link DCS-2103",
|
||||
"refsource" : "FULLDISC",
|
||||
"url" : "http://seclists.org/fulldisclosure/2014/Dec/85"
|
||||
},
|
||||
{
|
||||
"name" : "http://packetstormsecurity.com/files/129609/D-Link-DCS-2103-Brute-Force-Cross-Site-Scripting.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://packetstormsecurity.com/files/129609/D-Link-DCS-2103-Brute-Force-Cross-Site-Scripting.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://websecurity.com.ua/7288/",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://websecurity.com.ua/7288/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "20141219 BF and XSS vulnerabilities in D-Link DCS-2103",
|
||||
"refsource": "FULLDISC",
|
||||
"url": "http://seclists.org/fulldisclosure/2014/Dec/85"
|
||||
},
|
||||
{
|
||||
"name": "http://websecurity.com.ua/7288/",
|
||||
"refsource": "MISC",
|
||||
"url": "http://websecurity.com.ua/7288/"
|
||||
},
|
||||
{
|
||||
"name": "http://packetstormsecurity.com/files/129609/D-Link-DCS-2103-Brute-Force-Cross-Site-Scripting.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://packetstormsecurity.com/files/129609/D-Link-DCS-2103-Brute-Force-Cross-Site-Scripting.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-9778",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598515 and Qualcomm internal bug CR563694."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@android.com",
|
||||
"ID": "CVE-2014-9778",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=af85054aa6a1bcd38be2354921f2f80aef1440e5",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=af85054aa6a1bcd38be2354921f2f80aef1440e5"
|
||||
},
|
||||
{
|
||||
"name" : "91628",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/91628"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598515 and Qualcomm internal bug CR563694."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "91628",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/91628"
|
||||
},
|
||||
{
|
||||
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
|
||||
},
|
||||
{
|
||||
"name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=af85054aa6a1bcd38be2354921f2f80aef1440e5",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=af85054aa6a1bcd38be2354921f2f80aef1440e5"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,77 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-9820",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2014-9820",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "[oss-security] 20141224 Imagemagick fuzzing bug",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://www.openwall.com/lists/oss-security/2014/12/24/1"
|
||||
},
|
||||
{
|
||||
"name" : "[oss-security] 20160602 Re: ImageMagick CVEs",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13"
|
||||
},
|
||||
{
|
||||
"name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=0a89a1ccca6e7ee059b73f5cc924513383e8a330",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=0a89a1ccca6e7ee059b73f5cc924513383e8a330"
|
||||
},
|
||||
{
|
||||
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343476",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343476"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343476",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343476"
|
||||
},
|
||||
{
|
||||
"name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=0a89a1ccca6e7ee059b73f5cc924513383e8a330",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=0a89a1ccca6e7ee059b73f5cc924513383e8a330"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20141224 Imagemagick fuzzing bug",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2014/12/24/1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,102 +1,102 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2016-3471",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert_us@oracle.com",
|
||||
"ID": "CVE-2016-3471",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2016:0705",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0705.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2016:0534",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0534.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2016:1132",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "https://access.redhat.com/errata/RHSA-2016:1132"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2016:1480",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1480.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2016:1481",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1481.html"
|
||||
},
|
||||
{
|
||||
"name" : "91787",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/91787"
|
||||
},
|
||||
{
|
||||
"name" : "91913",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/91913"
|
||||
},
|
||||
{
|
||||
"name" : "1036362",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1036362"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "RHSA-2016:1481",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2016-1481.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2016:1132",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://access.redhat.com/errata/RHSA-2016:1132"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2016:0534",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2016-0534.html"
|
||||
},
|
||||
{
|
||||
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2016:1480",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2016-1480.html"
|
||||
},
|
||||
{
|
||||
"name": "1036362",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1036362"
|
||||
},
|
||||
{
|
||||
"name": "91913",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/91913"
|
||||
},
|
||||
{
|
||||
"name": "91787",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/91787"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2016:0705",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2016-0705.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2016-3660",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2016-3660",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2016-3747",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27903498."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@android.com",
|
||||
"ID": "CVE-2016-3747",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://android.googlesource.com/platform/hardware/qcom/media/+/4ed06d14080d8667d5be14eed200e378cba78345",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://android.googlesource.com/platform/hardware/qcom/media/+/4ed06d14080d8667d5be14eed200e378cba78345"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27903498."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://android.googlesource.com/platform/hardware/qcom/media/+/4ed06d14080d8667d5be14eed200e378cba78345",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://android.googlesource.com/platform/hardware/qcom/media/+/4ed06d14080d8667d5be14eed200e378cba78345"
|
||||
},
|
||||
{
|
||||
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2016-6217",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2016-6217",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://pmx.sophos.com/rn/pmx/concepts/ReleaseNotes_6.3.2.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://pmx.sophos.com/rn/pmx/concepts/ReleaseNotes_6.3.2.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://pmx.sophos.com/rn/pmx/concepts/ReleaseNotes_6.3.2.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://pmx.sophos.com/rn/pmx/concepts/ReleaseNotes_6.3.2.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cert@cert.org",
|
||||
"ID" : "CVE-2016-6560",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "osnet-incorporation",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "proir to osnet-incorporation@0.5.11,5.11-2016.0.1.15933"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "illumos"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "CWE-195: Signed to Unsigned Conversion Error"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cert@cert.org",
|
||||
"ID": "CVE-2016-6560",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "osnet-incorporation",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "proir to osnet-incorporation@0.5.11,5.11-2016.0.1.15933"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "illumos"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/illumos/illumos-gate/commit/5aaab1a49679c26dbcb6fb6dc25799950d70cc71",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://github.com/illumos/illumos-gate/commit/5aaab1a49679c26dbcb6fb6dc25799950d70cc71"
|
||||
},
|
||||
{
|
||||
"name" : "https://www.illumos.org/issues/7488",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://www.illumos.org/issues/7488"
|
||||
},
|
||||
{
|
||||
"name" : "https://www.openindiana.org/2016/11/01/cve-2016-6560-cve-2016-6561-security-issues-in-illumos/",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://www.openindiana.org/2016/11/01/cve-2016-6560-cve-2016-6561-security-issues-in-illumos/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-195: Signed to Unsigned Conversion Error"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.illumos.org/issues/7488",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.illumos.org/issues/7488"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/illumos/illumos-gate/commit/5aaab1a49679c26dbcb6fb6dc25799950d70cc71",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/illumos/illumos-gate/commit/5aaab1a49679c26dbcb6fb6dc25799950d70cc71"
|
||||
},
|
||||
{
|
||||
"name": "https://www.openindiana.org/2016/11/01/cve-2016-6560-cve-2016-6561-security-issues-in-illumos/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.openindiana.org/2016/11/01/cve-2016-6560-cve-2016-6561-security-issues-in-illumos/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,87 +1,87 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2016-6582",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2016-6582",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20160818 [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/539268/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "20160822 [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method",
|
||||
"refsource" : "FULLDISC",
|
||||
"url" : "http://seclists.org/fulldisclosure/2016/Aug/105"
|
||||
},
|
||||
{
|
||||
"name" : "http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/doorkeeper-gem/doorkeeper/issues/875",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://github.com/doorkeeper-gem/doorkeeper/issues/875"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0"
|
||||
},
|
||||
{
|
||||
"name" : "92551",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/92551"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "92551",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/92551"
|
||||
},
|
||||
{
|
||||
"name": "http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html"
|
||||
},
|
||||
{
|
||||
"name": "20160818 [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/539268/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "20160822 [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method",
|
||||
"refsource": "FULLDISC",
|
||||
"url": "http://seclists.org/fulldisclosure/2016/Aug/105"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/doorkeeper-gem/doorkeeper/issues/875",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/doorkeeper-gem/doorkeeper/issues/875"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,107 +1,107 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2016-7125",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2016-7125",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "[oss-security] 20160902 Re: CVE assignment for PHP 5.6.25 and 7.0.10 - and libcurl",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://openwall.com/lists/oss-security/2016/09/02/9"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.php.net/ChangeLog-5.php",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.php.net/ChangeLog-5.php"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.php.net/ChangeLog-7.php",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.php.net/ChangeLog-7.php"
|
||||
},
|
||||
{
|
||||
"name" : "https://bugs.php.net/bug.php?id=72681",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://bugs.php.net/bug.php?id=72681"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1"
|
||||
},
|
||||
{
|
||||
"name" : "https://www.tenable.com/security/tns-2016-19",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://www.tenable.com/security/tns-2016-19"
|
||||
},
|
||||
{
|
||||
"name" : "GLSA-201611-22",
|
||||
"refsource" : "GENTOO",
|
||||
"url" : "https://security.gentoo.org/glsa/201611-22"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2016:2750",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
|
||||
},
|
||||
{
|
||||
"name" : "92552",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/92552"
|
||||
},
|
||||
{
|
||||
"name" : "1036680",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1036680"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://www.php.net/ChangeLog-7.php",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.php.net/ChangeLog-7.php"
|
||||
},
|
||||
{
|
||||
"name": "https://bugs.php.net/bug.php?id=72681",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugs.php.net/bug.php?id=72681"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-201611-22",
|
||||
"refsource": "GENTOO",
|
||||
"url": "https://security.gentoo.org/glsa/201611-22"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1"
|
||||
},
|
||||
{
|
||||
"name": "1036680",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1036680"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2016:2750",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
|
||||
},
|
||||
{
|
||||
"name": "http://www.php.net/ChangeLog-5.php",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.php.net/ChangeLog-5.php"
|
||||
},
|
||||
{
|
||||
"name": "https://www.tenable.com/security/tns-2016-19",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.tenable.com/security/tns-2016-19"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20160902 Re: CVE assignment for PHP 5.6.25 and 7.0.10 - and libcurl",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://openwall.com/lists/oss-security/2016/09/02/9"
|
||||
},
|
||||
{
|
||||
"name": "92552",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/92552"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2016-7303",
|
||||
"STATE" : "REJECT"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2016-7303",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "REJECT"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,87 +1,87 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2016-7532",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@debian.org",
|
||||
"ID": "CVE-2016-7532",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://www.openwall.com/lists/oss-security/2016/09/22/2"
|
||||
},
|
||||
{
|
||||
"name" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539066",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539066"
|
||||
},
|
||||
{
|
||||
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378764",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378764"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/ImageMagick/ImageMagick/commit/4f2c04ea6673863b87ac7f186cbb0d911f74085c",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://github.com/ImageMagick/ImageMagick/commit/4f2c04ea6673863b87ac7f186cbb0d911f74085c"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/ImageMagick/ImageMagick/issues/109",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://github.com/ImageMagick/ImageMagick/issues/109"
|
||||
},
|
||||
{
|
||||
"name" : "93131",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/93131"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/ImageMagick/ImageMagick/commit/4f2c04ea6673863b87ac7f186cbb0d911f74085c",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/ImageMagick/ImageMagick/commit/4f2c04ea6673863b87ac7f186cbb0d911f74085c"
|
||||
},
|
||||
{
|
||||
"name": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539066",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539066"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2016/09/22/2"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/ImageMagick/ImageMagick/issues/109",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/ImageMagick/ImageMagick/issues/109"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378764",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378764"
|
||||
},
|
||||
{
|
||||
"name": "93131",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/93131"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "product-security@apple.com",
|
||||
"ID" : "CVE-2016-7606",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "product-security@apple.com",
|
||||
"ID": "CVE-2016-7606",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://support.apple.com/HT207422",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://support.apple.com/HT207422"
|
||||
},
|
||||
{
|
||||
"name" : "https://support.apple.com/HT207423",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://support.apple.com/HT207423"
|
||||
},
|
||||
{
|
||||
"name" : "https://support.apple.com/HT207487",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://support.apple.com/HT207487"
|
||||
},
|
||||
{
|
||||
"name" : "94905",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/94905"
|
||||
},
|
||||
{
|
||||
"name" : "1037469",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1037469"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://support.apple.com/HT207487",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.apple.com/HT207487"
|
||||
},
|
||||
{
|
||||
"name": "https://support.apple.com/HT207422",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.apple.com/HT207422"
|
||||
},
|
||||
{
|
||||
"name": "94905",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/94905"
|
||||
},
|
||||
{
|
||||
"name": "1037469",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1037469"
|
||||
},
|
||||
{
|
||||
"name": "https://support.apple.com/HT207423",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.apple.com/HT207423"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "vultures@jpcert.or.jp",
|
||||
"ID" : "CVE-2016-7808",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "CG-WLBARGMH",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "all versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name" : "CG-WLBARGNL",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "all versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "Corega Inc"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "vultures@jpcert.or.jp",
|
||||
"ID": "CVE-2016-7808",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "CG-WLBARGMH",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "all versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "CG-WLBARGNL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "all versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Corega Inc"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://corega.jp/support/security/20161111_wlbargmh_wlbargnl.htm",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://corega.jp/support/security/20161111_wlbargmh_wlbargnl.htm"
|
||||
},
|
||||
{
|
||||
"name" : "JVN#25060672",
|
||||
"refsource" : "JVN",
|
||||
"url" : "https://jvn.jp/en/jp/JVN25060672/index.html"
|
||||
},
|
||||
{
|
||||
"name" : "94249",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/94249"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://corega.jp/support/security/20161111_wlbargmh_wlbargnl.htm",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://corega.jp/support/security/20161111_wlbargmh_wlbargnl.htm"
|
||||
},
|
||||
{
|
||||
"name": "JVN#25060672",
|
||||
"refsource": "JVN",
|
||||
"url": "https://jvn.jp/en/jp/JVN25060672/index.html"
|
||||
},
|
||||
{
|
||||
"name": "94249",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/94249"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2016-8089",
|
||||
"STATE" : "REJECT"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2016-8089",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "REJECT"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2016-8261",
|
||||
"STATE" : "REJECT"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2016-8261",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "REJECT"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,80 +1,80 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "security@apache.org",
|
||||
"ID" : "CVE-2016-8741",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Apache Qpid Broker-J",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5"
|
||||
},
|
||||
{
|
||||
"version_value" : "6.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "Apache Software Foundation"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for Java 6.0.x before 6.0.6 and 6.1.x before 6.1.1 prematurely terminate the SCRAM SASL negotiation if the provided user name does not exist thus allowing remote attacker to determine the existence of user accounts. The Vulnerability does not apply to AuthenticationProviders other than SCRAM-SHA-1 and SCRAM-SHA-256."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Information Leakage"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@apache.org",
|
||||
"ID": "CVE-2016-8741",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Apache Qpid Broker-J",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5"
|
||||
},
|
||||
{
|
||||
"version_value": "6.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Apache Software Foundation"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "[apache-qpid-users] 20161228 [CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage ",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://qpid.2158936.n2.nabble.com/CVE-2016-8741-Apache-Qpid-Broker-for-Java-Information-Leakage-td7657025.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://issues.apache.org/jira/browse/QPID-7599",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://issues.apache.org/jira/browse/QPID-7599"
|
||||
},
|
||||
{
|
||||
"name" : "95136",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/95136"
|
||||
},
|
||||
{
|
||||
"name" : "1037537",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1037537"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for Java 6.0.x before 6.0.6 and 6.1.x before 6.1.1 prematurely terminate the SCRAM SASL negotiation if the provided user name does not exist thus allowing remote attacker to determine the existence of user accounts. The Vulnerability does not apply to AuthenticationProviders other than SCRAM-SHA-1 and SCRAM-SHA-256."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Information Leakage"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "1037537",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1037537"
|
||||
},
|
||||
{
|
||||
"name": "https://issues.apache.org/jira/browse/QPID-7599",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://issues.apache.org/jira/browse/QPID-7599"
|
||||
},
|
||||
{
|
||||
"name": "95136",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/95136"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[apache-qpid-users] 20161228 [CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage",
|
||||
"url": "http://qpid.2158936.n2.nabble.com/CVE-2016-8741-Apache-Qpid-Broker-for-Java-Information-Leakage-td7657025.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user