admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:44:19 +00:00
parent b60581ca93
commit b99a2ab8c3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 4469 additions and 4469 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2006/0xxx/CVE-2006-0277.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0277",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS07 in the (b) Oracle Applications Framework component; (3) APPS08, (4) APPS09, (5) APPS10, and (6) APPS11 in the (c) Oracle Applications Technology Stack component; (7) APPS12 in the (d) Oracle Human Resources component; (8) APPS15 and (9) APPS16 in the (e) Oracle Marketing component; (10) APPS17 in the (f) Marketing Encyclopedia System component; (11) APPS18 in the (g) Oracle Trade Management component; and (12) APPS19 in the (h) Oracle Web Applications Desktop Integration component."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name" : "VU#545804",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/545804"
},
{
"name" : "16287",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16287"
},
{
"name" : "ADV-2006-0243",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name" : "ADV-2006-0323",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name" : "1015499",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015499"
},
{
"name" : "18493",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18493"
},
{
"name" : "18608",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18608"
},
{
"name" : "oracle-january2006-update(24321)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS07 in the (b) Oracle Applications Framework component; (3) APPS08, (4) APPS09, (5) APPS10, and (6) APPS11 in the (c) Oracle Applications Technology Stack component; (7) APPS12 in the (d) Oracle Human Resources component; (8) APPS15 and (9) APPS16 in the (e) Oracle Marketing component; (10) APPS17 in the (f) Marketing Encyclopedia System component; (11) APPS18 in the (g) Oracle Trade Management component; and (12) APPS19 in the (h) Oracle Web Applications Desktop Integration component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-january2006-update(24321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "18493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
}
]
}
}

200
2006/0xxx/CVE-2006-0284.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.2 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10, have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) FORM01 and (2) FORM02 in the Oracle Forms component."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name" : "VU#545804",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/545804"
},
{
"name" : "16287",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16287"
},
{
"name" : "ADV-2006-0243",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name" : "ADV-2006-0323",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name" : "1015499",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015499"
},
{
"name" : "18493",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18493"
},
{
"name" : "18608",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18608"
},
{
"name" : "oracle-january2006-update(24321)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.2 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10, have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) FORM01 and (2) FORM02 in the Oracle Forms component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-january2006-update(24321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "18493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
}
]
}
}

210
2006/0xxx/CVE-2006-0537.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0537",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the POP3 server in Kinesphere Corporation eXchange before 5.0.060125 allows remote attackers to execute arbitrary code via a long RCPT TO argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060203 Exchangepop3 rcpt buffer overflow vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-02/0040.html"
},
{
"name" : "1466",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1466"
},
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/exchangepop3.pl",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/exchangepop3.pl"
},
{
"name" : "16485",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16485"
},
{
"name" : "ADV-2006-0437",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0437"
},
{
"name" : "22907",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22907"
},
{
"name" : "1015580",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015580"
},
{
"name" : "18687",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18687"
},
{
"name" : "408",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/408"
},
{
"name" : "exchangepop3-rcptto-bo(24477)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24477"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the POP3 server in Kinesphere Corporation eXchange before 5.0.060125 allows remote attackers to execute arbitrary code via a long RCPT TO argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1466",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1466"
},
{
"name": "408",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/408"
},
{
"name": "18687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18687"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/exchangepop3.pl",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/exchangepop3.pl"
},
{
"name": "ADV-2006-0437",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0437"
},
{
"name": "20060203 Exchangepop3 rcpt buffer overflow vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0040.html"
},
{
"name": "16485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16485"
},
{
"name": "22907",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22907"
},
{
"name": "exchangepop3-rcptto-bo(24477)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24477"
},
{
"name": "1015580",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015580"
}
]
}
}

170
2006/0xxx/CVE-2006-0706.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0706",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in eintrag.php in Gästebuch (Gastebuch) before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the URL, which is used in the homepage parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060213 XSS vulnerability in guestbook-php-script",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=113986789801121&w=2"
},
{
"name" : "http://www.php4scripte.de/index.php",
"refsource" : "CONFIRM",
"url" : "http://www.php4scripte.de/index.php"
},
{
"name" : "16615",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16615"
},
{
"name" : "ADV-2006-0566",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0566"
},
{
"name" : "18849",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18849"
},
{
"name" : "gastebuch-homepage-xss(24670)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24670"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in eintrag.php in G\u00e4stebuch (Gastebuch) before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the URL, which is used in the homepage parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0566",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0566"
},
{
"name": "gastebuch-homepage-xss(24670)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24670"
},
{
"name": "16615",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16615"
},
{
"name": "20060213 XSS vulnerability in guestbook-php-script",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113986789801121&w=2"
},
{
"name": "18849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18849"
},
{
"name": "http://www.php4scripte.de/index.php",
"refsource": "CONFIRM",
"url": "http://www.php4scripte.de/index.php"
}
]
}
}

570
2006/1xxx/CVE-2006-1740.json
View File

@ -1,287 +1,287 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1740",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-1740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-12.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-12.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=271194",
"refsource" : "MISC",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=271194"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
},
{
"name" : "DSA-1044",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1044"
},
{
"name" : "DSA-1046",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1046"
},
{
"name" : "DSA-1051",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1051"
},
{
"name" : "FEDORA-2006-410",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html"
},
{
"name" : "FEDORA-2006-411",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html"
},
{
"name" : "FLSA:189137-1",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/436296/100/0/threaded"
},
{
"name" : "FLSA:189137-2",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/436338/100/0/threaded"
},
{
"name" : "GLSA-200604-12",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml"
},
{
"name" : "GLSA-200604-18",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
},
{
"name" : "HPSBUX02122",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
},
{
"name" : "SSRT061158",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
},
{
"name" : "MDKSA-2006:075",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:075"
},
{
"name" : "MDKSA-2006:076",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076"
},
{
"name" : "RHSA-2006:0328",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0328.html"
},
{
"name" : "RHSA-2006:0329",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0329.html"
},
{
"name" : "SCOSA-2006.26",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt"
},
{
"name" : "20060404-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc"
},
{
"name" : "102550",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1"
},
{
"name" : "228526",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1"
},
{
"name" : "SUSE-SA:2006:021",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html"
},
{
"name" : "USN-275-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/275-1/"
},
{
"name" : "USN-271-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/271-1/"
},
{
"name" : "17516",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17516"
},
{
"name" : "oval:org.mitre.oval:def:10424",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10424"
},
{
"name" : "ADV-2006-1356",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1356"
},
{
"name" : "oval:org.mitre.oval:def:1811",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1811"
},
{
"name" : "19631",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19631"
},
{
"name" : "19759",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19759"
},
{
"name" : "19794",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19794"
},
{
"name" : "19811",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19811"
},
{
"name" : "19852",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19852"
},
{
"name" : "19862",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19862"
},
{
"name" : "19863",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19863"
},
{
"name" : "19902",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19902"
},
{
"name" : "19941",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19941"
},
{
"name" : "19714",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19714"
},
{
"name" : "19721",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19721"
},
{
"name" : "19746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19746"
},
{
"name" : "21033",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21033"
},
{
"name" : "21622",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21622"
},
{
"name" : "19696",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19696"
},
{
"name" : "19729",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19729"
},
{
"name" : "mozilla-secure-site-spoofing(25813)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25813"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-275-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/275-1/"
},
{
"name": "19902",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19902"
},
{
"name": "20060404-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc"
},
{
"name": "HPSBUX02122",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
},
{
"name": "19941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19941"
},
{
"name": "RHSA-2006:0328",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0328.html"
},
{
"name": "GLSA-200604-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml"
},
{
"name": "21622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21622"
},
{
"name": "19862",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19862"
},
{
"name": "MDKSA-2006:075",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:075"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
},
{
"name": "DSA-1051",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1051"
},
{
"name": "FEDORA-2006-410",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html"
},
{
"name": "oval:org.mitre.oval:def:1811",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1811"
},
{
"name": "USN-271-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/271-1/"
},
{
"name": "19714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19714"
},
{
"name": "RHSA-2006:0329",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0329.html"
},
{
"name": "GLSA-200604-18",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
},
{
"name": "19811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19811"
},
{
"name": "19794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19794"
},
{
"name": "19746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19746"
},
{
"name": "21033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21033"
},
{
"name": "oval:org.mitre.oval:def:10424",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10424"
},
{
"name": "102550",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1"
},
{
"name": "19696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19696"
},
{
"name": "19759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19759"
},
{
"name": "SUSE-SA:2006:021",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html"
},
{
"name": "FLSA:189137-2",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/436338/100/0/threaded"
},
{
"name": "ADV-2006-1356",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1356"
},
{
"name": "SSRT061158",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
},
{
"name": "http://www.mozilla.org/security/announce/2006/mfsa2006-12.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-12.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=271194",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=271194"
},
{
"name": "19729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19729"
},
{
"name": "19863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19863"
},
{
"name": "mozilla-secure-site-spoofing(25813)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25813"
},
{
"name": "SCOSA-2006.26",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt"
},
{
"name": "FLSA:189137-1",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/436296/100/0/threaded"
},
{
"name": "17516",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17516"
},
{
"name": "228526",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1"
},
{
"name": "FEDORA-2006-411",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html"
},
{
"name": "19852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19852"
},
{
"name": "19721",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19721"
},
{
"name": "19631",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19631"
},
{
"name": "MDKSA-2006:076",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076"
},
{
"name": "DSA-1046",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1046"
},
{
"name": "DSA-1044",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1044"
}
]
}
}

140
2006/3xxx/CVE-2006-3422.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3422",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows remote attackers to execute arbitrary PHP code via the config[template_path] parameter in user_bottom.php, as used by multiple templates including (1) rwb (template/rwb/user_bottom.php), (2) gwb (template/rwb/user_bottom.php, (3) blues, (4) bluwhi, and (5) grns."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1982",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1982"
},
{
"name" : "18821",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18821"
},
{
"name" : "wonderedit-templatepath-file-include(27536)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27536"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows remote attackers to execute arbitrary PHP code via the config[template_path] parameter in user_bottom.php, as used by multiple templates including (1) rwb (template/rwb/user_bottom.php), (2) gwb (template/rwb/user_bottom.php, (3) blues, (4) bluwhi, and (5) grns."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wonderedit-templatepath-file-include(27536)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27536"
},
{
"name": "1982",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1982"
},
{
"name": "18821",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18821"
}
]
}
}

160
2006/3xxx/CVE-2006-3754.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3754",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in Include/editor/rich_files/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2018",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2018"
},
{
"name" : "19023",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19023"
},
{
"name" : "ADV-2006-2822",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2822"
},
{
"name" : "21090",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21090"
},
{
"name" : "flushcms-classpath-file-include(27751)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27751"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in Include/editor/rich_files/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2018",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2018"
},
{
"name": "19023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19023"
},
{
"name": "21090",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21090"
},
{
"name": "flushcms-classpath-file-include(27751)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27751"
},
{
"name": "ADV-2006-2822",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2822"
}
]
}
}

120
2006/3xxx/CVE-2006-3965.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3965",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060730 Banex Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=115423462216111&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060730 Banex Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=115423462216111&w=2"
}
]
}
}

200
2006/4xxx/CVE-2006-4436.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4436",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which allows remote attackers to replay IPSec packets and bypass the replay protection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-1175",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1175"
},
{
"name" : "[3.8] 20060825 013: SECURITY FIX: August 25, 2006",
"refsource" : "OPENBSD",
"url" : "http://www.openbsd.org/errata38.html#isakmpd"
},
{
"name" : "[3.9] 20060825 008: SECURITY FIX: August 25, 2006",
"refsource" : "OPENBSD",
"url" : "http://www.openbsd.org/errata.html#isakmpd"
},
{
"name" : "19712",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19712"
},
{
"name" : "28194",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28194"
},
{
"name" : "1016757",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016757"
},
{
"name" : "21652",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21652"
},
{
"name" : "21905",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21905"
},
{
"name" : "openbsd-isakmpd-security-bypass(28645)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28645"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which allows remote attackers to replay IPSec packets and bypass the replay protection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[3.8] 20060825 013: SECURITY FIX: August 25, 2006",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata38.html#isakmpd"
},
{
"name": "28194",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28194"
},
{
"name": "openbsd-isakmpd-security-bypass(28645)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28645"
},
{
"name": "1016757",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016757"
},
{
"name": "21652",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21652"
},
{
"name": "DSA-1175",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1175"
},
{
"name": "19712",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19712"
},
{
"name": "21905",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21905"
},
{
"name": "[3.9] 20060825 008: SECURITY FIX: August 25, 2006",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata.html#isakmpd"
}
]
}
}

170
2006/4xxx/CVE-2006-4651.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4651",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in download/index.php, and possibly download.php, in threesquared.net (aka Ben Speakman) Php download allows remote attackers to overwrite arbitrary local files via .. (dot dot) sequence in the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060902 php download local file include",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445269/100/0/threaded"
},
{
"name" : "19872",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19872"
},
{
"name" : "ADV-2006-3479",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3479"
},
{
"name" : "21774",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21774"
},
{
"name" : "1528",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1528"
},
{
"name" : "phpdownload-index-file-include(28751)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28751"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in download/index.php, and possibly download.php, in threesquared.net (aka Ben Speakman) Php download allows remote attackers to overwrite arbitrary local files via .. (dot dot) sequence in the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21774",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21774"
},
{
"name": "phpdownload-index-file-include(28751)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28751"
},
{
"name": "20060902 php download local file include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445269/100/0/threaded"
},
{
"name": "1528",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1528"
},
{
"name": "19872",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19872"
},
{
"name": "ADV-2006-3479",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3479"
}
]
}
}

160
2006/4xxx/CVE-2006-4769.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4769",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 allows remote attackers to execute arbitrary PHP code via a URL in the abs_pfad parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2350",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2350"
},
{
"name" : "19971",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19971"
},
{
"name" : "ADV-2006-3590",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3590"
},
{
"name" : "21891",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21891"
},
{
"name" : "p4cms-abfjs-file-include(28880)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28880"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 allows remote attackers to execute arbitrary PHP code via a URL in the abs_pfad parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "p4cms-abfjs-file-include(28880)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28880"
},
{
"name": "19971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19971"
},
{
"name": "21891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21891"
},
{
"name": "2350",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2350"
},
{
"name": "ADV-2006-3590",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3590"
}
]
}
}

140
2006/4xxx/CVE-2006-4982.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4982",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by spoofing the MAC address of a different type of device, as demonstrated by using the MAC address of a disconnected printer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060919 White paper release: Bypassing network access control (NAC) systems",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446421/100/0/threaded"
},
{
"name" : "http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf",
"refsource" : "MISC",
"url" : "http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf"
},
{
"name" : "30978",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30978"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by spoofing the MAC address of a different type of device, as demonstrated by using the MAC address of a disconnected printer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060919 White paper release: Bypassing network access control (NAC) systems",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446421/100/0/threaded"
},
{
"name": "http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf",
"refsource": "MISC",
"url": "http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf"
},
{
"name": "30978",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30978"
}
]
}
}

210
2010/2xxx/CVE-2010-2076.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2076",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[cxf-users] 20100616 Important - Apache CXF security advisory CVE-2010-2076",
"refsource" : "MLIST",
"url" : "http://www.listware.net/201006/cxf-users/60160-important-apache-cxf-security-advisory-cve-2010-2076.html"
},
{
"name" : "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html",
"refsource" : "CONFIRM",
"url" : "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html"
},
{
"name" : "http://geronimo.apache.org/21x-security-report.html",
"refsource" : "CONFIRM",
"url" : "http://geronimo.apache.org/21x-security-report.html"
},
{
"name" : "http://geronimo.apache.org/22x-security-report.html",
"refsource" : "CONFIRM",
"url" : "http://geronimo.apache.org/22x-security-report.html"
},
{
"name" : "http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf"
},
{
"name" : "https://issues.apache.org/jira/browse/GERONIMO-5383",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/jira/browse/GERONIMO-5383"
},
{
"name" : "42492",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42492"
},
{
"name" : "40969",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40969"
},
{
"name" : "41016",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41016"
},
{
"name" : "41025",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41025"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42492",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42492"
},
{
"name": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html",
"refsource": "CONFIRM",
"url": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html"
},
{
"name": "http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf"
},
{
"name": "41025",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41025"
},
{
"name": "http://geronimo.apache.org/22x-security-report.html",
"refsource": "CONFIRM",
"url": "http://geronimo.apache.org/22x-security-report.html"
},
{
"name": "41016",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41016"
},
{
"name": "https://issues.apache.org/jira/browse/GERONIMO-5383",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/GERONIMO-5383"
},
{
"name": "[cxf-users] 20100616 Important - Apache CXF security advisory CVE-2010-2076",
"refsource": "MLIST",
"url": "http://www.listware.net/201006/cxf-users/60160-important-apache-cxf-security-advisory-cve-2010-2076.html"
},
{
"name": "http://geronimo.apache.org/21x-security-report.html",
"refsource": "CONFIRM",
"url": "http://geronimo.apache.org/21x-security-report.html"
},
{
"name": "40969",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40969"
}
]
}
}

170
2010/2xxx/CVE-2010-2937.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2937",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.videolan.org/?p=vlc/vlc-1.0.git;a=commit;h=22a22e356c9d93993086810b2e25b59b55925b3a",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=vlc/vlc-1.0.git;a=commit;h=22a22e356c9d93993086810b2e25b59b55925b3a"
},
{
"name" : "http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=24918843e57c7962e28fcb01845adce82bed6516",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=24918843e57c7962e28fcb01845adce82bed6516"
},
{
"name" : "http://www.videolan.org/security/sa1004.html",
"refsource" : "CONFIRM",
"url" : "http://www.videolan.org/security/sa1004.html"
},
{
"name" : "42386",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42386"
},
{
"name" : "oval:org.mitre.oval:def:14676",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14676"
},
{
"name" : "ADV-2010-2087",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2087"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=vlc/vlc-1.0.git;a=commit;h=22a22e356c9d93993086810b2e25b59b55925b3a",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=vlc/vlc-1.0.git;a=commit;h=22a22e356c9d93993086810b2e25b59b55925b3a"
},
{
"name": "http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=24918843e57c7962e28fcb01845adce82bed6516",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=24918843e57c7962e28fcb01845adce82bed6516"
},
{
"name": "http://www.videolan.org/security/sa1004.html",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/security/sa1004.html"
},
{
"name": "42386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42386"
},
{
"name": "ADV-2010-2087",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2087"
},
{
"name": "oval:org.mitre.oval:def:14676",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14676"
}
]
}
}

190
2010/3xxx/CVE-2010-3272.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3272",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516396/100/0/threaded"
},
{
"name" : "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities"
},
{
"name" : "46331",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46331"
},
{
"name" : "70870",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/70870"
},
{
"name" : "43241",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43241"
},
{
"name" : "8089",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8089"
},
{
"name" : "ADV-2011-0392",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0392"
},
{
"name" : "adselfservice-pwr-weak-security(65350)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65350"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43241"
},
{
"name": "ADV-2011-0392",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0392"
},
{
"name": "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516396/100/0/threaded"
},
{
"name": "8089",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8089"
},
{
"name": "adselfservice-pwr-weak-security(65350)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65350"
},
{
"name": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities"
},
{
"name": "46331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46331"
},
{
"name": "70870",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70870"
}
]
}
}

310
2010/3xxx/CVE-2010-3433.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3433",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.postgresql.org/about/news.1244",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/about/news.1244"
},
{
"name" : "http://www.postgresql.org/docs/9.0/static/release-9-0-1.html",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/docs/9.0/static/release-9-0-1.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=639371",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=639371"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name" : "DSA-2120",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2120"
},
{
"name" : "FEDORA-2010-15954",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049591.html"
},
{
"name" : "FEDORA-2010-15960",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049592.html"
},
{
"name" : "HPSBMU02781",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
},
{
"name" : "SSRT100617",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
},
{
"name" : "MDVSA-2010:197",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:197"
},
{
"name" : "RHSA-2010:0742",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0742.html"
},
{
"name" : "RHSA-2010:0908",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0908.html"
},
{
"name" : "SUSE-SR:2010:020",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html"
},
{
"name" : "SUSE-SR:2010:019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name" : "USN-1002-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1002-1"
},
{
"name" : "USN-1002-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1002-2"
},
{
"name" : "43747",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43747"
},
{
"name" : "oval:org.mitre.oval:def:7291",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7291"
},
{
"name" : "42325",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42325"
},
{
"name" : "ADV-2010-3051",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3051"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2010-15960",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049592.html"
},
{
"name": "oval:org.mitre.oval:def:7291",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7291"
},
{
"name": "SUSE-SR:2010:020",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html"
},
{
"name": "HPSBMU02781",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
},
{
"name": "USN-1002-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1002-2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=639371",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=639371"
},
{
"name": "FEDORA-2010-15954",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049591.html"
},
{
"name": "ADV-2010-3051",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3051"
},
{
"name": "RHSA-2010:0742",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0742.html"
},
{
"name": "http://www.postgresql.org/docs/9.0/static/release-9-0-1.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-1.html"
},
{
"name": "USN-1002-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1002-1"
},
{
"name": "MDVSA-2010:197",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:197"
},
{
"name": "42325",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42325"
},
{
"name": "RHSA-2010:0908",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0908.html"
},
{
"name": "DSA-2120",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2120"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name": "43747",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43747"
},
{
"name": "SSRT100617",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
},
{
"name": "http://www.postgresql.org/about/news.1244",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/about/news.1244"
}
]
}
}

210
2011/0xxx/CVE-2011-0599.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0599",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted image that causes an invalid pointer calculation related to 4/8-bit RLE compression, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0602."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-0599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110208 ZDI-11-072: Adobe Reader BMP ColorData Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516314"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-072/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-072/"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
},
{
"name" : "RHSA-2011:0301",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0301.html"
},
{
"name" : "46220",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46220"
},
{
"name" : "oval:org.mitre.oval:def:12424",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12424"
},
{
"name" : "1025033",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025033"
},
{
"name" : "43470",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43470"
},
{
"name" : "ADV-2011-0337",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name" : "ADV-2011-0492",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0492"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted image that causes an invalid pointer calculation related to 4/8-bit RLE compression, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0602."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46220"
},
{
"name": "ADV-2011-0492",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0492"
},
{
"name": "43470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43470"
},
{
"name": "oval:org.mitre.oval:def:12424",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12424"
},
{
"name": "20110208 ZDI-11-072: Adobe Reader BMP ColorData Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516314"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-072/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-072/"
},
{
"name": "RHSA-2011:0301",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html"
},
{
"name": "ADV-2011-0337",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name": "1025033",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025033"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
}
]
}
}

34
2011/0xxx/CVE-2011-0878.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0878",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-0878",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}

260
2011/1xxx/CVE-2011-1148.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1148",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110313 CVE request: PHP substr_replace() use-after-free",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/13/2"
},
{
"name" : "[oss-security] 20110313 Re: CVE request: PHP substr_replace() use-after-free",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/13/3"
},
{
"name" : "[oss-security] 20110313 Re: CVE request: PHP substr_replace() use-after-free",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/13/9"
},
{
"name" : "http://bugs.php.net/bug.php?id=54238",
"refsource" : "CONFIRM",
"url" : "http://bugs.php.net/bug.php?id=54238"
},
{
"name" : "http://www.php.net/ChangeLog-5.php#5.3.7",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php#5.3.7"
},
{
"name" : "http://www.php.net/archive/2011.php#id2011-08-18-1",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/archive/2011.php#id2011-08-18-1"
},
{
"name" : "http://support.apple.com/kb/HT5130",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5130"
},
{
"name" : "APPLE-SA-2012-02-01-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name" : "HPSBOV02763",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name" : "SSRT100826",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name" : "MDVSA-2011:165",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165"
},
{
"name" : "RHSA-2011:1423",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1423.html"
},
{
"name" : "46843",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46843"
},
{
"name" : "49241",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49241"
},
{
"name" : "php-substrreplace-code-exec(66080)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66080"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBOV02763",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name": "http://support.apple.com/kb/HT5130",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5130"
},
{
"name": "49241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49241"
},
{
"name": "[oss-security] 20110313 CVE request: PHP substr_replace() use-after-free",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/13/2"
},
{
"name": "MDVSA-2011:165",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165"
},
{
"name": "[oss-security] 20110313 Re: CVE request: PHP substr_replace() use-after-free",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/13/9"
},
{
"name": "APPLE-SA-2012-02-01-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name": "[oss-security] 20110313 Re: CVE request: PHP substr_replace() use-after-free",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/13/3"
},
{
"name": "http://bugs.php.net/bug.php?id=54238",
"refsource": "CONFIRM",
"url": "http://bugs.php.net/bug.php?id=54238"
},
{
"name": "SSRT100826",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name": "RHSA-2011:1423",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html"
},
{
"name": "http://www.php.net/ChangeLog-5.php#5.3.7",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php#5.3.7"
},
{
"name": "php-substrreplace-code-exec(66080)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66080"
},
{
"name": "46843",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46843"
},
{
"name": "http://www.php.net/archive/2011.php#id2011-08-18-1",
"refsource": "CONFIRM",
"url": "http://www.php.net/archive/2011.php#id2011-08-18-1"
}
]
}
}

170
2011/1xxx/CVE-2011-1585.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1585",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110415 Re: CVE Request: cifs session reuse",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/04/15/8"
},
{
"name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36",
"refsource" : "CONFIRM",
"url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ff67b720c02c36e54d55b88c2931879b7db1cd2",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ff67b720c02c36e54d55b88c2931879b7db1cd2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=697394",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=697394"
},
{
"name" : "https://github.com/torvalds/linux/commit/4ff67b720c02c36e54d55b88c2931879b7db1cd2",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/4ff67b720c02c36e54d55b88c2931879b7db1cd2"
},
{
"name" : "SUSE-SU-2015:0812",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36",
"refsource": "CONFIRM",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36"
},
{
"name": "[oss-security] 20110415 Re: CVE Request: cifs session reuse",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/04/15/8"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=697394",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=697394"
},
{
"name": "https://github.com/torvalds/linux/commit/4ff67b720c02c36e54d55b88c2931879b7db1cd2",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/4ff67b720c02c36e54d55b88c2931879b7db1cd2"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ff67b720c02c36e54d55b88c2931879b7db1cd2",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ff67b720c02c36e54d55b88c2931879b7db1cd2"
},
{
"name": "SUSE-SU-2015:0812",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
}
]
}
}

130
2011/1xxx/CVE-2011-1651.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1651",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before 4.1.1, when an SPA interface processor is installed, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCto45095."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-1651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110525 Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f191.shtml"
},
{
"name" : "1025567",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025567"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before 4.1.1, when an SPA interface processor is installed, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCto45095."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1025567",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025567"
},
{
"name": "20110525 Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f191.shtml"
}
]
}
}

190
2014/3xxx/CVE-2014-3289.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3289",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140609 Cisco AsyncOS Cross-Site Scripting Vulnerability CVE-2014-3289",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jun/57"
},
{
"name" : "http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.html"
},
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34569",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34569"
},
{
"name" : "20140609 Cisco AsyncOS Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3289"
},
{
"name" : "VU#613308",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/613308"
},
{
"name" : "67943",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67943"
},
{
"name" : "1030407",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030407"
},
{
"name" : "58296",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58296"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030407",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030407"
},
{
"name": "VU#613308",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/613308"
},
{
"name": "http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.html"
},
{
"name": "20140609 Cisco AsyncOS Cross-Site Scripting Vulnerability CVE-2014-3289",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jun/57"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34569",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34569"
},
{
"name": "58296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58296"
},
{
"name": "20140609 Cisco AsyncOS Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3289"
},
{
"name": "67943",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67943"
}
]
}
}

160
2014/3xxx/CVE-2014-3451.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3451",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150424 Incorrect handling of self signed certificates in OpenFire XMPP Server",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/535363/100/1100/threaded"
},
{
"name" : "[oss-security] 20150423 Incorrect handling of self signed certificates in OpenFire XMPP Server",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/04/23/16"
},
{
"name" : "http://packetstormsecurity.com/files/131614/OpenFire-XMPP-3.9.3-Certificate-Handling.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/131614/OpenFire-XMPP-3.9.3-Certificate-Handling.html"
},
{
"name" : "https://community.igniterealtime.org/blogs/ignite/2015/04/22/openfire-3100-released",
"refsource" : "MISC",
"url" : "https://community.igniterealtime.org/blogs/ignite/2015/04/22/openfire-3100-released"
},
{
"name" : "74305",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74305"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150423 Incorrect handling of self signed certificates in OpenFire XMPP Server",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/23/16"
},
{
"name": "20150424 Incorrect handling of self signed certificates in OpenFire XMPP Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535363/100/1100/threaded"
},
{
"name": "https://community.igniterealtime.org/blogs/ignite/2015/04/22/openfire-3100-released",
"refsource": "MISC",
"url": "https://community.igniterealtime.org/blogs/ignite/2015/04/22/openfire-3100-released"
},
{
"name": "http://packetstormsecurity.com/files/131614/OpenFire-XMPP-3.9.3-Certificate-Handling.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131614/OpenFire-XMPP-3.9.3-Certificate-Handling.html"
},
{
"name": "74305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74305"
}
]
}
}

260
2014/3xxx/CVE-2014-3537.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3537",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cups.org/blog.php?L724",
"refsource" : "CONFIRM",
"url" : "http://www.cups.org/blog.php?L724"
},
{
"name" : "http://www.cups.org/str.php?L4450",
"refsource" : "CONFIRM",
"url" : "http://www.cups.org/str.php?L4450"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1115576",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1115576"
},
{
"name" : "https://support.apple.com/kb/HT6535",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT6535"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0313.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0313.html"
},
{
"name" : "APPLE-SA-2014-10-16-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name" : "FEDORA-2014-8351",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135528.html"
},
{
"name" : "MDVSA-2015:108",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:108"
},
{
"name" : "RHSA-2014:1388",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1388.html"
},
{
"name" : "USN-2293-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2293-1"
},
{
"name" : "68788",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68788"
},
{
"name" : "1030611",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030611"
},
{
"name" : "59945",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59945"
},
{
"name" : "60787",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60787"
},
{
"name" : "60273",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60273"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2014-8351",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135528.html"
},
{
"name": "60273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60273"
},
{
"name": "http://www.cups.org/blog.php?L724",
"refsource": "CONFIRM",
"url": "http://www.cups.org/blog.php?L724"
},
{
"name": "RHSA-2014:1388",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1388.html"
},
{
"name": "USN-2293-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2293-1"
},
{
"name": "APPLE-SA-2014-10-16-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "68788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68788"
},
{
"name": "60787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60787"
},
{
"name": "http://www.cups.org/str.php?L4450",
"refsource": "CONFIRM",
"url": "http://www.cups.org/str.php?L4450"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1115576",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1115576"
},
{
"name": "59945",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59945"
},
{
"name": "https://support.apple.com/kb/HT6535",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6535"
},
{
"name": "1030611",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030611"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0313.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0313.html"
},
{
"name": "MDVSA-2015:108",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:108"
}
]
}
}

34
2014/3xxx/CVE-2014-3603.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3603",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3603",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2014/3xxx/CVE-2014-3692.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3692",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2015:0028",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0028.html"
},
{
"name" : "62255",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62255"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62255"
},
{
"name": "RHSA-2015:0028",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0028.html"
}
]
}
}

130
2014/6xxx/CVE-2014-6048.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6048",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://techdefencelabs.com/security-advisories.html",
"refsource" : "MISC",
"url" : "http://techdefencelabs.com/security-advisories.html"
},
{
"name" : "https://www.phpmyfaq.de/security/advisory-2014-09-16",
"refsource" : "CONFIRM",
"url" : "https://www.phpmyfaq.de/security/advisory-2014-09-16"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://techdefencelabs.com/security-advisories.html",
"refsource": "MISC",
"url": "http://techdefencelabs.com/security-advisories.html"
},
{
"name": "https://www.phpmyfaq.de/security/advisory-2014-09-16",
"refsource": "CONFIRM",
"url": "https://www.phpmyfaq.de/security/advisory-2014-09-16"
}
]
}
}

190
2014/6xxx/CVE-2014-6469.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6469",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6469",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name" : "GLSA-201411-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201411-02.xml"
},
{
"name" : "SUSE-SU-2015:0743",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
},
{
"name" : "70446",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70446"
},
{
"name" : "61579",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61579"
},
{
"name" : "62073",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62073"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62073"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "SUSE-SU-2015:0743",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
},
{
"name": "70446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70446"
},
{
"name": "GLSA-201411-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201411-02.xml"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "61579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61579"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}

140
2014/6xxx/CVE-2014-6747.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6747",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SeeOn (aka com.seeon) application 4.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6747",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#439497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/439497"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SeeOn (aka com.seeon) application 4.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#439497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/439497"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6757.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6757",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Koran - AlqoranVideos (aka com.alqoran.videos.example) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#910385",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/910385"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Koran - AlqoranVideos (aka com.alqoran.videos.example) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#910385",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/910385"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7405.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7405",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Belaire Family Orthodontics (aka com.app_bf.layout) application 1.304 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#708865",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/708865"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Belaire Family Orthodontics (aka com.app_bf.layout) application 1.304 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#708865",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/708865"
}
]
}
}

140
2014/7xxx/CVE-2014-7406.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7406",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Deakin University (aka com.desire2learn.campuslife.deakin.edu.au.directory) application 1.1.729.1694 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#615057",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/615057"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Deakin University (aka com.desire2learn.campuslife.deakin.edu.au.directory) application 1.1.729.1694 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#615057",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/615057"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

150
2014/7xxx/CVE-2014-7919.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7919",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-7919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://android.googlesource.com/platform/frameworks/native/+/ae33effd43a615183f089f0a216b5965e8104842%5E%21/#F0",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/native/+/ae33effd43a615183f089f0a216b5965e8104842%5E%21/#F0"
},
{
"name" : "https://github.com/alexpark07/Bookmark/blob/master/BugHunting.md",
"refsource" : "CONFIRM",
"url" : "https://github.com/alexpark07/Bookmark/blob/master/BugHunting.md"
},
{
"name" : "https://github.com/alexpark07/Bookmark/issues/1",
"refsource" : "CONFIRM",
"url" : "https://github.com/alexpark07/Bookmark/issues/1"
},
{
"name" : "99014",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99014"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/alexpark07/Bookmark/blob/master/BugHunting.md",
"refsource": "CONFIRM",
"url": "https://github.com/alexpark07/Bookmark/blob/master/BugHunting.md"
},
{
"name": "https://github.com/alexpark07/Bookmark/issues/1",
"refsource": "CONFIRM",
"url": "https://github.com/alexpark07/Bookmark/issues/1"
},
{
"name": "99014",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99014"
},
{
"name": "https://android.googlesource.com/platform/frameworks/native/+/ae33effd43a615183f089f0a216b5965e8104842%5E%21/#F0",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/native/+/ae33effd43a615183f089f0a216b5965e8104842%5E%21/#F0"
}
]
}
}

160
2014/7xxx/CVE-2014-7990.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7990",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the \"request system shell\" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-7990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36351",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36351"
},
{
"name" : "20141106 Cisco IOS XE Challenge/Response Bypass Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7990"
},
{
"name" : "70968",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70968"
},
{
"name" : "1031179",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031179"
},
{
"name" : "ciscoiosxe-cve20147990-sec-bypass(98529)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98529"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the \"request system shell\" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141106 Cisco IOS XE Challenge/Response Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7990"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36351",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36351"
},
{
"name": "ciscoiosxe-cve20147990-sec-bypass(98529)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98529"
},
{
"name": "70968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70968"
},
{
"name": "1031179",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031179"
}
]
}
}

200
2014/8xxx/CVE-2014-8099.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8099",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/",
"refsource" : "CONFIRM",
"url" : "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0532.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0532.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name" : "DSA-3095",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3095"
},
{
"name" : "GLSA-201504-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-06"
},
{
"name" : "MDVSA-2015:119",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"
},
{
"name" : "71600",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71600"
},
{
"name" : "62292",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62292"
},
{
"name" : "61947",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61947"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3095",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3095"
},
{
"name": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/",
"refsource": "CONFIRM",
"url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0532.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0532.html"
},
{
"name": "GLSA-201504-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-06"
},
{
"name": "62292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62292"
},
{
"name": "71600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71600"
},
{
"name": "MDVSA-2015:119",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "61947",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61947"
}
]
}
}

140
2014/8xxx/CVE-2014-8114.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8114",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/uberfire/uberfire/commit/21ec50eb15",
"refsource" : "CONFIRM",
"url" : "https://github.com/uberfire/uberfire/commit/21ec50eb15"
},
{
"name" : "RHSA-2015:0234",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0234.html"
},
{
"name" : "RHSA-2015:0235",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0235.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0234",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0234.html"
},
{
"name": "RHSA-2015:0235",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0235.html"
},
{
"name": "https://github.com/uberfire/uberfire/commit/21ec50eb15",
"refsource": "CONFIRM",
"url": "https://github.com/uberfire/uberfire/commit/21ec50eb15"
}
]
}
}

34
2014/8xxx/CVE-2014-8204.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8204",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8204",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

130
2014/8xxx/CVE-2014-8809.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8809",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin before 14.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter in an addComment action to ajax/profile_functions.php, (2) compose_text parameter in a sendMail action to ajax/mail_functions.php, (3) comment parameter in an add_comment action to ajax/lounge_functions.php, or (4) name parameter in a create_album action to ajax/gallery_functions.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://security.szurek.pl/wp-symposium-1410-multiple-xss-and-sql-injection.html",
"refsource" : "MISC",
"url" : "http://security.szurek.pl/wp-symposium-1410-multiple-xss-and-sql-injection.html"
},
{
"name" : "http://www.wpsymposium.com/release-information-for-v14-11/",
"refsource" : "CONFIRM",
"url" : "http://www.wpsymposium.com/release-information-for-v14-11/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin before 14.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter in an addComment action to ajax/profile_functions.php, (2) compose_text parameter in a sendMail action to ajax/mail_functions.php, (3) comment parameter in an add_comment action to ajax/lounge_functions.php, or (4) name parameter in a create_album action to ajax/gallery_functions.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.szurek.pl/wp-symposium-1410-multiple-xss-and-sql-injection.html",
"refsource": "MISC",
"url": "http://security.szurek.pl/wp-symposium-1410-multiple-xss-and-sql-injection.html"
},
{
"name": "http://www.wpsymposium.com/release-information-for-v14-11/",
"refsource": "CONFIRM",
"url": "http://www.wpsymposium.com/release-information-for-v14-11/"
}
]
}
}

120
2014/8xxx/CVE-2014-8927.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8927",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8926."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-8927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21882695",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21882695"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8926."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21882695",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882695"
}
]
}
}

140
2014/9xxx/CVE-2014-9886.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9886",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm internal bug CR555030."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225"
},
{
"name" : "92219",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92219"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm internal bug CR555030."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225"
},
{
"name": "92219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92219"
}
]
}
}

160
2016/2xxx/CVE-2016-2194.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2194",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[botan-devel] 20160201 Botan 1.11.28 and 1.10.11 released with security fixes",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=botan-devel&m=145435148602911&w=2"
},
{
"name" : "[botan-devel] 20160203 Botan 1.10.12 released",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=botan-devel&m=145449001708138&w=2"
},
{
"name" : "http://botan.randombit.net/security.html",
"refsource" : "CONFIRM",
"url" : "http://botan.randombit.net/security.html"
},
{
"name" : "DSA-3565",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3565"
},
{
"name" : "GLSA-201612-38",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-38"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[botan-devel] 20160201 Botan 1.11.28 and 1.10.11 released with security fixes",
"refsource": "MLIST",
"url": "http://marc.info/?l=botan-devel&m=145435148602911&w=2"
},
{
"name": "[botan-devel] 20160203 Botan 1.10.12 released",
"refsource": "MLIST",
"url": "http://marc.info/?l=botan-devel&m=145449001708138&w=2"
},
{
"name": "DSA-3565",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3565"
},
{
"name": "GLSA-201612-38",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-38"
},
{
"name": "http://botan.randombit.net/security.html",
"refsource": "CONFIRM",
"url": "http://botan.randombit.net/security.html"
}
]
}
}

120
2016/2xxx/CVE-2016-2405.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2405",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to gain privileges and cause a denial of service (system crash) via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-policycenter-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-policycenter-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to gain privileges and cause a denial of service (system crash) via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-policycenter-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-policycenter-en"
}
]
}
}

260
2016/2xxx/CVE-2016-2808.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2808",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-2808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-47.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-47.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1246061",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1246061"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name" : "DSA-3559",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3559"
},
{
"name" : "GLSA-201701-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-15"
},
{
"name" : "RHSA-2016:0695",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0695.html"
},
{
"name" : "openSUSE-SU-2016:1211",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html"
},
{
"name" : "SUSE-SU-2016:1258",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.html"
},
{
"name" : "openSUSE-SU-2016:1251",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html"
},
{
"name" : "SUSE-SU-2016:1352",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.html"
},
{
"name" : "SUSE-SU-2016:1374",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html"
},
{
"name" : "USN-2936-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2936-1"
},
{
"name" : "USN-2936-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2936-2"
},
{
"name" : "USN-2936-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2936-3"
},
{
"name" : "1035692",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035692"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1211",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:0695",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0695.html"
},
{
"name": "1035692",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035692"
},
{
"name": "SUSE-SU-2016:1374",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html"
},
{
"name": "openSUSE-SU-2016:1251",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html"
},
{
"name": "USN-2936-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2936-2"
},
{
"name": "SUSE-SU-2016:1352",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.html"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-47.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-47.html"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "DSA-3559",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3559"
},
{
"name": "USN-2936-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2936-1"
},
{
"name": "USN-2936-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2936-3"
},
{
"name": "SUSE-SU-2016:1258",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1246061",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1246061"
}
]
}
}

140
2016/2xxx/CVE-2016-2963.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2963",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991867",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991867"
},
{
"name" : "IV89797",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89797"
},
{
"name" : "94596",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94596"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV89797",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89797"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991867",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991867"
},
{
"name": "94596",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94596"
}
]
}
}

34
2016/6xxx/CVE-2016-6053.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6053",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6053",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2016/6xxx/CVE-2016-6453.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2016-6453",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Identity Services Engine 1.3(0.876)",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Identity Services Engine 1.3(0.876)"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.3(0.876)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine 1.3(0.876)",
"version": {
"version_data": [
{
"version_value": "Cisco Identity Services Engine 1.3(0.876)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ise",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ise"
},
{
"name" : "93897",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93897"
},
{
"name" : "1037109",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037109"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.3(0.876)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ise",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ise"
},
{
"name": "1037109",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037109"
},
{
"name": "93897",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93897"
}
]
}
}

140
2016/6xxx/CVE-2016-6967.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6967",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-6967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name" : "93491",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93491"
},
{
"name" : "1036986",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036986"
},
{
"name": "93491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93491"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
}
]
}
}

132
2017/18xxx/CVE-2017-18145.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2017-18145",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, while the DPM native process is processing framework events, the iterator pointer is deleted after processing an event. When processing subsequent events, a Use After Condition will occur."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free in Data"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2017-18145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, while the DPM native process is processing framework events, the iterator pointer is deleted after processing an event. When processing subsequent events, a Use After Condition will occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free in Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

34
2017/1xxx/CVE-2017-1166.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1166",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1166",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2017/5xxx/CVE-2017-5118.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5118",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Policy bypass"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html",
"refsource" : "MISC",
"url" : "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html"
},
{
"name" : "https://crbug.com/747847",
"refsource" : "MISC",
"url" : "https://crbug.com/747847"
},
{
"name" : "DSA-3985",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3985"
},
{
"name" : "GLSA-201709-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-15"
},
{
"name" : "RHSA-2017:2676",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2676"
},
{
"name" : "100610",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100610"
},
{
"name" : "1039291",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039291"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Policy bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/747847",
"refsource": "MISC",
"url": "https://crbug.com/747847"
},
{
"name": "GLSA-201709-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-15"
},
{
"name": "RHSA-2017:2676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2676"
},
{
"name": "1039291",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039291"
},
{
"name": "100610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100610"
},
{
"name": "DSA-3985",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3985"
},
{
"name": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html"
}
]
}
}

130
2017/5xxx/CVE-2017-5167.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-5167",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BINOM3 Electric Power Quality Meter",
"version" : {
"version_data" : [
{
"version_value" : "BINOM3 Electric Power Quality Meter"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "BINOM3 Electric Power Quality Meter hardcoded passwords"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-5167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BINOM3 Electric Power Quality Meter",
"version": {
"version_data": [
{
"version_value": "BINOM3 Electric Power Quality Meter"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A"
},
{
"name" : "93028",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93028"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "BINOM3 Electric Power Quality Meter hardcoded passwords"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A"
},
{
"name": "93028",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93028"
}
]
}
}

184
2017/5xxx/CVE-2017-5414.json
View File

@ -1,94 +1,94 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5414",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52"
}
]
}
},
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox < 52 and Thunderbird < 52."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "File picker can choose incorrect default directory"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1319370",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1319370"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-09/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-09/"
},
{
"name" : "96692",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96692"
},
{
"name" : "1037966",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037966"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox < 52 and Thunderbird < 52."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File picker can choose incorrect default directory"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1319370",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1319370"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-09/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-09/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-05/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-05/"
},
{
"name": "1037966",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037966"
},
{
"name": "96692",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96692"
}
]
}
}

130
2017/5xxx/CVE-2017-5516.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5516",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/semplon/GeniXCMS/issues/65",
"refsource" : "CONFIRM",
"url" : "https://github.com/semplon/GeniXCMS/issues/65"
},
{
"name" : "95622",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95622"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/semplon/GeniXCMS/issues/65",
"refsource": "CONFIRM",
"url": "https://github.com/semplon/GeniXCMS/issues/65"
},
{
"name": "95622",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95622"
}
]
}
}

170
2017/5xxx/CVE-2017-5546.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5546",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170120 Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/21/3"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c4e490cf148e85ead0d1b1c2caaba833f1d5b29f",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c4e490cf148e85ead0d1b1c2caaba833f1d5b29f"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1415733",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1415733"
},
{
"name" : "https://github.com/torvalds/linux/commit/c4e490cf148e85ead0d1b1c2caaba833f1d5b29f",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/c4e490cf148e85ead0d1b1c2caaba833f1d5b29f"
},
{
"name" : "95711",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95711"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/c4e490cf148e85ead0d1b1c2caaba833f1d5b29f",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/c4e490cf148e85ead0d1b1c2caaba833f1d5b29f"
},
{
"name": "[oss-security] 20170120 Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/21/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1415733",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1415733"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c4e490cf148e85ead0d1b1c2caaba833f1d5b29f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c4e490cf148e85ead0d1b1c2caaba833f1d5b29f"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5"
},
{
"name": "95711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95711"
}
]
}
}

132
2017/5xxx/CVE-2017-5800.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-03-31T00:00:00",
"ID" : "CVE-2017-5800",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Operations Bridge Analytics",
"version" : {
"version_data" : [
{
"version_value" : "v3.0"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Bridge Analytics version v3.0 was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Cross-Site Scripting (XSS)"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-03-31T00:00:00",
"ID": "CVE-2017-5800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Operations Bridge Analytics",
"version": {
"version_data": [
{
"version_value": "v3.0"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03721en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03721en_us"
},
{
"name" : "97412",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97412"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Bridge Analytics version v3.0 was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97412"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03721en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03721en_us"
}
]
}
}