admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:34:27 +00:00
parent f40d9ce158
commit c0b9f6ed8b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
41 changed files with 2870 additions and 2870 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2006/0xxx/CVE-2006-0053.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2006-0053", "ID": "CVE-2006-0053",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://rt.cpan.org/Public/Bug/Display.html?id=18397", "description_data": [
"refsource" : "MISC", {
"url" : "http://rt.cpan.org/Public/Bug/Display.html?id=18397" "lang": "eng",
}, "value": "Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer dereference."
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661", ]
"refsource" : "CONFIRM", },
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1028", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1028" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17415", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/17415" ]
}, },
{ "references": {
"name" : "ADV-2006-1294", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1294" "name": "DSA-1028",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1028"
"name" : "19577", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19577" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661"
"name" : "19575", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19575" "name": "imager-jpeg-tga-dos(25717)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25717"
"name" : "imager-jpeg-tga-dos(25717)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25717" "name": "17415",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/17415"
} },
} {
"name": "19577",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19577"
},
{
"name": "ADV-2006-1294",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1294"
},
{
"name": "http://rt.cpan.org/Public/Bug/Display.html?id=18397",
"refsource": "MISC",
"url": "http://rt.cpan.org/Public/Bug/Display.html?id=18397"
},
{
"name": "19575",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19575"
}
]
}
}

170
2006/0xxx/CVE-2006-0600.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2006-0600", "ID": "CVE-2006-0600",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528", "description_data": [
"refsource" : "MISC", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528" "lang": "eng",
}, "value": "elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request."
{ }
"name" : "http://savannah.psi.ch/viewcvs/trunk/src/elogd.c?root=elog&rev=1487&view=diff&r1=1487&r2=1486&p1=trunk/src/elogd.c&p2=/trunk/src/elogd.c", ]
"refsource" : "MISC", },
"url" : "http://savannah.psi.ch/viewcvs/trunk/src/elogd.c?root=elog&rev=1487&view=diff&r1=1487&r2=1486&p1=trunk/src/elogd.c&p2=/trunk/src/elogd.c" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-967", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-967" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "16579", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/16579" ]
}, },
{ "references": {
"name" : "18783", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18783" "name": "16579",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16579"
"name" : "elog-fail-redirect-dos(24707)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24707" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528",
} "refsource": "MISC",
] "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528"
} },
} {
"name": "18783",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18783"
},
{
"name": "http://savannah.psi.ch/viewcvs/trunk/src/elogd.c?root=elog&rev=1487&view=diff&r1=1487&r2=1486&p1=trunk/src/elogd.c&p2=/trunk/src/elogd.c",
"refsource": "MISC",
"url": "http://savannah.psi.ch/viewcvs/trunk/src/elogd.c?root=elog&rev=1487&view=diff&r1=1487&r2=1486&p1=trunk/src/elogd.c&p2=/trunk/src/elogd.c"
},
{
"name": "elog-fail-redirect-dos(24707)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24707"
},
{
"name": "DSA-967",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-967"
}
]
}
}

140
2006/1xxx/CVE-2006-1793.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1793", "ID": "CVE-2006-1793",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060209 runCMS <= 1.3a2 possible remote code execution through the integrated FCKEditor package", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/424708" "lang": "eng",
}, "value": "Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659."
{ }
"name" : "http://retrogod.altervista.org/runcms_13a_xpl.html", ]
"refsource" : "MISC", },
"url" : "http://retrogod.altervista.org/runcms_13a_xpl.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16578", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16578" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "16578",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16578"
},
{
"name": "20060209 runCMS <= 1.3a2 possible remote code execution through the integrated FCKEditor package",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424708"
},
{
"name": "http://retrogod.altervista.org/runcms_13a_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/runcms_13a_xpl.html"
}
]
}
}

190
2006/3xxx/CVE-2006-3159.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3159", "ID": "CVE-2006-3159",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060614 Sun iPlanet Messaging Server 5.2 root password compromise", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046920.html" "lang": "eng",
}, "value": "pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message."
{ }
"name" : "102496", ]
"refsource" : "SUNALERT", },
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102496-1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "18749", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18749" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-2633", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/2633" ]
}, },
{ "references": {
"name" : "1016312", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016312" "name": "1016416",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016416"
"name" : "1016416", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016416" "name": "102496",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102496-1"
"name" : "20919", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20919" "name": "1016312",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016312"
"name" : "iplanet-msgconf-symlink(27220)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27220" "name": "iplanet-msgconf-symlink(27220)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27220"
} },
} {
"name": "ADV-2006-2633",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2633"
},
{
"name": "20060614 Sun iPlanet Messaging Server 5.2 root password compromise",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046920.html"
},
{
"name": "18749",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18749"
},
{
"name": "20919",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20919"
}
]
}
}

120
2006/3xxx/CVE-2006-3612.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3612", "ID": "CVE-2006-3612",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.phorum.org/phorum5/read.php?14,114358", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.phorum.org/phorum5/read.php?14,114358" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.phorum.org/phorum5/read.php?14,114358",
"refsource": "CONFIRM",
"url": "http://www.phorum.org/phorum5/read.php?14,114358"
}
]
}
}

160
2006/4xxx/CVE-2006-4355.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4355", "ID": "CVE-2006-4355",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://drupal.org/node/80087", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/80087" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "19670", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19670" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-3365", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3365" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21603", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/21603" ]
}, },
{ "references": {
"name" : "easylinks-unspecified-xss(28525)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28525" "name": "21603",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/21603"
} },
} {
"name": "ADV-2006-3365",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3365"
},
{
"name": "easylinks-unspecified-xss(28525)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28525"
},
{
"name": "19670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19670"
},
{
"name": "http://drupal.org/node/80087",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/80087"
}
]
}
}

270
2006/4xxx/CVE-2006-4554.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4554", "ID": "CVE-2006-4554",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the ReadFile function in the ZOO-processing exports in the BeCubed Compression Plus before 5.0.1.28, as used in products including (1) Tumbleweed EMF, (2) VCOM/Ontrack PowerDesk Pro, (3) Canyon Drag and Zip, (4) Canyon Power File, and (5) Canyon Power File Gold, allow context-dependent attackers to execute arbitrary code via an inconsistent size parameter in a ZOO file header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060831 Compression Plus and Tumblweed EMF Stack Overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/444881/100/0/threaded" "lang": "eng",
}, "value": "Stack-based buffer overflow in the ReadFile function in the ZOO-processing exports in the BeCubed Compression Plus before 5.0.1.28, as used in products including (1) Tumbleweed EMF, (2) VCOM/Ontrack PowerDesk Pro, (3) Canyon Drag and Zip, (4) Canyon Power File, and (5) Canyon Power File Gold, allow context-dependent attackers to execute arbitrary code via an inconsistent size parameter in a ZOO file header."
{ }
"name" : "http://www.mnin.org/advisories/2006_cp5_tweed.pdf", ]
"refsource" : "MISC", },
"url" : "http://www.mnin.org/advisories/2006_cp5_tweed.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.becubed.com/downloads/compfix.txt", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.becubed.com/downloads/compfix.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19796", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/19796" ]
}, },
{ "references": {
"name" : "ADV-2006-3428", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3428" "name": "20060831 Compression Plus and Tumblweed EMF Stack Overflow",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/444881/100/0/threaded"
"name" : "ADV-2006-3429", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3429" "name": "http://www.becubed.com/downloads/compfix.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.becubed.com/downloads/compfix.txt"
"name" : "ADV-2006-3437", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3437" "name": "21750",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21750"
"name" : "ADV-2006-3438", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3438" "name": "ADV-2006-3438",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3438"
"name" : "ADV-2006-3439", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3439" "name": "ADV-2006-3437",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3437"
"name" : "21714", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21714" "name": "21718",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21718"
"name" : "21718", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21718" "name": "ADV-2006-3428",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3428"
"name" : "21720", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21720" "name": "ADV-2006-3429",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3429"
"name" : "21750", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21750" "name": "compressionplus-zoo-bo(28693)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28693"
"name" : "21751", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21751" "name": "21720",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21720"
"name" : "1498", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1498" "name": "21751",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21751"
"name" : "compressionplus-zoo-bo(28693)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28693" "name": "ADV-2006-3439",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/3439"
} },
} {
"name": "19796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19796"
},
{
"name": "1498",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1498"
},
{
"name": "http://www.mnin.org/advisories/2006_cp5_tweed.pdf",
"refsource": "MISC",
"url": "http://www.mnin.org/advisories/2006_cp5_tweed.pdf"
},
{
"name": "21714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21714"
}
]
}
}

140
2006/4xxx/CVE-2006-4873.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4873", "ID": "CVE-2006-4873",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jupiter CMS allows remote attackers to obtain sensitive information via a direct request for (1) includes/functions.php, (2) modules/register.php, (3) modules/poll.php, (4) modules/panel.php, (5) modules/pm.php, (6) modules/news.php, (7) modules/templates_change.php, (8) modules/users.php, (9) modules/misc.php, (10) modules/masspm.php, (11) modules/mass-email.php, (12) modules/main-nav.php, (13) modules/login.php, (14) modules/layout.php, (15) modules/hq.php, (16) modules/forum.php, (17) modules/forum-admin.php, (18) modules/events.php, (19) modules/emoticons.php, (20) modules/download.php, (21) modules/blocks.php, (22) modules/ban.php, (23) modules/badwords.php, (24) modules/ads.php, or (25) modules/admin.php, which reveals the installation path in various error messages. NOTE: The modules/online.php vector is already covered by CVE-2006-1679."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060915 Jupiter CMS Multiple injections", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/446064/100/0/threaded" "lang": "eng",
}, "value": "Jupiter CMS allows remote attackers to obtain sensitive information via a direct request for (1) includes/functions.php, (2) modules/register.php, (3) modules/poll.php, (4) modules/panel.php, (5) modules/pm.php, (6) modules/news.php, (7) modules/templates_change.php, (8) modules/users.php, (9) modules/misc.php, (10) modules/masspm.php, (11) modules/mass-email.php, (12) modules/main-nav.php, (13) modules/login.php, (14) modules/layout.php, (15) modules/hq.php, (16) modules/forum.php, (17) modules/forum-admin.php, (18) modules/events.php, (19) modules/emoticons.php, (20) modules/download.php, (21) modules/blocks.php, (22) modules/ban.php, (23) modules/badwords.php, (24) modules/ads.php, or (25) modules/admin.php, which reveals the installation path in various error messages. NOTE: The modules/online.php vector is already covered by CVE-2006-1679."
{ }
"name" : "20048", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20048" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1608", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1608" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20060915 Jupiter CMS Multiple injections",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446064/100/0/threaded"
},
{
"name": "20048",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20048"
},
{
"name": "1608",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1608"
}
]
}
}

160
2010/2xxx/CVE-2010-2207.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2010-2207", "ID": "CVE-2010-2207",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html" "lang": "eng",
}, "value": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212."
{ }
"name" : "41239", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/41239" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:6849", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6849" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1024159", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1024159" ]
}, },
{ "references": {
"name" : "ADV-2010-1636", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1636" "name": "ADV-2010-1636",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2010/1636"
} },
} {
"name": "41239",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41239"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"name": "1024159",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024159"
},
{
"name": "oval:org.mitre.oval:def:6849",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6849"
}
]
}
}

220
2010/2xxx/CVE-2010-2595.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2595", "ID": "CVE-2010-2595",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to \"downsampled OJPEG input.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20100623 CVE requests: LibTIFF", "description_data": [
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=oss-security&m=127731610612908&w=2" "lang": "eng",
}, "value": "The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to \"downsampled OJPEG input.\""
{ }
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2208", ]
"refsource" : "CONFIRM", },
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2208" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=583081", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=583081" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://blackberry.com/btsc/KB27244", ]
"refsource" : "CONFIRM", }
"url" : "http://blackberry.com/btsc/KB27244" ]
}, },
{ "references": {
"name" : "DSA-2552", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2552" "name": "40527",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40527"
"name" : "GLSA-201209-02", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201209-02.xml" "name": "[oss-security] 20100623 CVE requests: LibTIFF",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=oss-security&m=127731610612908&w=2"
"name" : "RHSA-2010:0519", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0519.html" "name": "DSA-2552",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2552"
"name" : "40422", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40422" "name": "http://blackberry.com/btsc/KB27244",
}, "refsource": "CONFIRM",
{ "url": "http://blackberry.com/btsc/KB27244"
"name" : "40527", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40527" "name": "ADV-2010-1761",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1761"
"name" : "50726", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50726" "name": "GLSA-201209-02",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
"name" : "ADV-2010-1761", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1761" "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2208",
} "refsource": "CONFIRM",
] "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2208"
} },
} {
"name": "RHSA-2010:0519",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0519.html"
},
{
"name": "40422",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40422"
},
{
"name": "50726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50726"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=583081",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081"
}
]
}
}

170
2010/2xxx/CVE-2010-2810.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-2810", "ID": "CVE-2010-2810",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20100809 CVE request: Lynx", "description_data": [
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=oss-security&m=128151768510564&w=2" "lang": "eng",
}, "value": "Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name."
{ }
"name" : "[oss-security] 20100809 Re: CVE request: Lynx", ]
"refsource" : "MLIST", },
"url" : "http://marc.info/?l=oss-security&m=128152412221677&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-1642-1", ]
"refsource" : "UBUNTU", }
"url" : "http://www.ubuntu.com/usn/USN-1642-1" ]
}, },
{ "references": {
"name" : "ADV-2010-2042", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2042" "name": "lynx-converttoidna-bo(61007)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61007"
"name" : "lynx-converttoidna-bo(61007)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61007" "name": "[oss-security] 20100809 Re: CVE request: Lynx",
} "refsource": "MLIST",
] "url": "http://marc.info/?l=oss-security&m=128152412221677&w=2"
} },
} {
"name": "ADV-2010-2042",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2042"
},
{
"name": "USN-1642-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1642-1"
},
{
"name": "[oss-security] 20100809 CVE request: Lynx",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128151768510564&w=2"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254"
}
]
}
}

150
2010/2xxx/CVE-2010-2908.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2908", "ID": "CVE-2010-2908",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "14466", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/14466" "lang": "eng",
}, "value": "SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php."
{ }
"name" : "http://packetstormsecurity.org/1007-exploits/joomlajoomdle-sql.txt", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/1007-exploits/joomlajoomdle-sql.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2010-1923", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1923" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "joomdle-index-sql-injection(60623)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60623" ]
} },
] "references": {
} "reference_data": [
} {
"name": "14466",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14466"
},
{
"name": "joomdle-index-sql-injection(60623)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60623"
},
{
"name": "ADV-2010-1923",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1923"
},
{
"name": "http://packetstormsecurity.org/1007-exploits/joomlajoomdle-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/joomlajoomdle-sql.txt"
}
]
}
}

140
2010/3xxx/CVE-2010-3218.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2010-3218", "ID": "CVE-2010-3218",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka \"Word Heap Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS10-079", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079" "lang": "eng",
}, "value": "Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka \"Word Heap Overflow Vulnerability.\""
{ }
"name" : "TA10-285A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:7010", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7010" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:7010",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7010"
},
{
"name": "MS10-079",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079"
},
{
"name": "TA10-285A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
}
]
}
}

140
2010/3xxx/CVE-2010-3228.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2010-3228", "ID": "CVE-2010-3228",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka \".NET Framework x64 JIT Compiler Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS10-077", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-077" "lang": "eng",
}, "value": "The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka \".NET Framework x64 JIT Compiler Vulnerability.\""
{ }
"name" : "TA10-285A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:6824", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6824" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:6824",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6824"
},
{
"name": "MS10-077",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-077"
},
{
"name": "TA10-285A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
}
]
}
}

120
2010/3xxx/CVE-2010-3354.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3354", "ID": "CVE-2010-3354",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598287", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598287" "lang": "eng",
} "value": "dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598287",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598287"
}
]
}
}

200
2010/3xxx/CVE-2010-3621.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2010-3621", "ID": "CVE-2010-3621",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html" "lang": "eng",
}, "value": "Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658."
{ }
"name" : "GLSA-201101-08", ]
"refsource" : "GENTOO", },
"url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2010:0743", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0743.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SA:2010:048", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" ]
}, },
{ "references": {
"name" : "SUSE-SR:2010:019", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" "name": "oval:org.mitre.oval:def:7386",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7386"
"name" : "TA10-279A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" "name": "SUSE-SA:2010:048",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html"
"name" : "oval:org.mitre.oval:def:7386", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7386" "name": "ADV-2011-0191",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0191"
"name" : "43025", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43025" "name": "43025",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43025"
"name" : "ADV-2011-0191", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0191" "name": "GLSA-201101-08",
} "refsource": "GENTOO",
] "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
} },
} {
"name": "RHSA-2010:0743",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0743.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html"
},
{
"name": "TA10-279A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
}
]
}
}

130
2010/4xxx/CVE-2010-4766.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4766", "ID": "CVE-2010-4766",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.otrs.org/show_bug.cgi?id=4818", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.otrs.org/show_bug.cgi?id=4818" "lang": "eng",
}, "value": "The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client."
{ }
"name" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807", ]
"refsource" : "CONFIRM", },
"url" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=4818",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=4818"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}

310
2011/1xxx/CVE-2011-1091.json
View File

@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-1091", "ID": "CVE-2011-1091",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c" "lang": "eng",
}, "value": "libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message."
{ }
"name" : "http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7", ]
"refsource" : "CONFIRM", },
"url" : "http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.pidgin.im/news/security/?id=51", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.pidgin.im/news/security/?id=51" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=683031", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=683031" ]
}, },
{ "references": {
"name" : "FEDORA-2011-3113", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html" "name": "ADV-2011-0661",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0661"
"name" : "FEDORA-2011-3150", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056309.html" "name": "RHSA-2011:0616",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0616.html"
"name" : "RHSA-2011:0616", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0616.html" "name": "openSUSE-SU-2012:0066",
}, "refsource": "SUSE",
{ "url": "https://hermes.opensuse.org/messages/13195955"
"name" : "RHSA-2011:1371", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1371.html" "name": "http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c",
}, "refsource": "CONFIRM",
{ "url": "http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c"
"name" : "SSA:2011-070-02", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.466884" "name": "http://www.pidgin.im/news/security/?id=51",
}, "refsource": "CONFIRM",
{ "url": "http://www.pidgin.im/news/security/?id=51"
"name" : "openSUSE-SU-2012:0066", },
"refsource" : "SUSE", {
"url" : "https://hermes.opensuse.org/messages/13195955" "name": "46837",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/46837"
"name" : "46837", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/46837" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=683031",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=683031"
"name" : "oval:org.mitre.oval:def:18402", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18402" "name": "ADV-2011-0703",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0703"
"name" : "43695", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43695" "name": "FEDORA-2011-3150",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056309.html"
"name" : "43721", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43721" "name": "43721",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43721"
"name" : "46376", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46376" "name": "SSA:2011-070-02",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.466884"
"name" : "ADV-2011-0643", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0643" "name": "pidgin-yahoo-protocol-dos(66055)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66055"
"name" : "ADV-2011-0661", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0661" "name": "46376",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/46376"
"name" : "ADV-2011-0669", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0669" "name": "43695",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43695"
"name" : "ADV-2011-0703", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0703" "name": "RHSA-2011:1371",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html"
"name" : "pidgin-yahoo-protocol-dos(66055)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66055" "name": "oval:org.mitre.oval:def:18402",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18402"
} },
} {
"name": "ADV-2011-0669",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0669"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7"
},
{
"name": "FEDORA-2011-3113",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html"
},
{
"name": "ADV-2011-0643",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0643"
}
]
}
}

130
2014/3xxx/CVE-2014-3501.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-3501", "ID": "CVE-2014-3501",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://cordova.apache.org/announcements/2014/08/04/android-351.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://cordova.apache.org/announcements/2014/08/04/android-351.html" "lang": "eng",
}, "value": "Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView."
{ }
"name" : "69041", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/69041" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69041",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69041"
},
{
"name": "http://cordova.apache.org/announcements/2014/08/04/android-351.html",
"refsource": "CONFIRM",
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
}
]
}
}

140
2014/7xxx/CVE-2014-7026.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7026", "ID": "CVE-2014-7026",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LIFE TIME FITNESS (aka com.lifetimefitness.ltfmobile) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The LIFE TIME FITNESS (aka com.lifetimefitness.ltfmobile) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#505409", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/505409" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#505409",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/505409"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7407.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7407", "ID": "CVE-2014-7407",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Game Day Tix (aka com.xcr.android.mygamedaytickets) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Game Day Tix (aka com.xcr.android.mygamedaytickets) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#731569", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/731569" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#731569",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/731569"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7777.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7777", "ID": "CVE-2014-7777",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Slingshot Forum (aka com.tapatalk.theslingshotforumcom) application 3.9.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Slingshot Forum (aka com.tapatalk.theslingshotforumcom) application 3.9.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#678945", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/678945" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#678945",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/678945"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

180
2014/8xxx/CVE-2014-8108.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-8108", "ID": "CVE-2014-8108",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://subversion.apache.org/security/CVE-2014-8108-advisory.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://subversion.apache.org/security/CVE-2014-8108-advisory.txt" "lang": "eng",
}, "value": "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist."
{ }
"name" : "https://support.apple.com/HT204427", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT204427" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2015-03-09-4", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2015:0166", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0166.html" ]
}, },
{ "references": {
"name" : "USN-2721-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2721-1" "name": "http://subversion.apache.org/security/CVE-2014-8108-advisory.txt",
}, "refsource": "CONFIRM",
{ "url": "http://subversion.apache.org/security/CVE-2014-8108-advisory.txt"
"name" : "71725", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/71725" "name": "RHSA-2015:0166",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-0166.html"
"name" : "61131", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61131" "name": "https://support.apple.com/HT204427",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/HT204427"
} },
} {
"name": "71725",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71725"
},
{
"name": "APPLE-SA-2015-03-09-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"
},
{
"name": "61131",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61131"
},
{
"name": "USN-2721-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2721-1"
}
]
}
}

34
2014/8xxx/CVE-2014-8281.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-8281", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-8281",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

34
2014/8xxx/CVE-2014-8284.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-8284", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-8284",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

150
2014/8xxx/CVE-2014-8541.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8541", "ID": "CVE-2014-8541",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39" "lang": "eng",
}, "value": "libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data."
{ }
"name" : "http://www.ffmpeg.org/security.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ffmpeg.org/security.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201603-06", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201603-06" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-2944-1", ]
"refsource" : "UBUNTU", }
"url" : "http://www.ubuntu.com/usn/USN-2944-1" ]
} },
] "references": {
} "reference_data": [
} {
"name": "USN-2944-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2944-1"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39"
},
{
"name": "http://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.ffmpeg.org/security.html"
},
{
"name": "GLSA-201603-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-06"
}
]
}
}

140
2014/8xxx/CVE-2014-8902.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-8902", "ID": "CVE-2014-8902",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692107", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692107" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
{ }
"name" : "PI29956", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI29956" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ibm-wsportal-cve20148902-xss(99150)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99150" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "ibm-wsportal-cve20148902-xss(99150)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99150"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107"
},
{
"name": "PI29956",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI29956"
}
]
}
}

34
2014/9xxx/CVE-2014-9063.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9063", "ID": "CVE-2014-9063",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2014/9xxx/CVE-2014-9320.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9320", "ID": "CVE-2014-9320",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

180
2014/9xxx/CVE-2014-9621.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9621", "ID": "CVE-2014-9621",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[File] 20141216 file 5.21 is now available", "description_data": [
"refsource" : "MLIST", {
"url" : "http://mx.gw.com/pipermail/file/2014/001654.html" "lang": "eng",
}, "value": "The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string."
{ }
"name" : "[File] 20150102 file 5.22 is now available", ]
"refsource" : "MLIST", },
"url" : "http://mx.gw.com/pipermail/file/2015/001660.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20150117 Re: CVE request: file(1) DoS", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/01/17/9" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c" ]
}, },
{ "references": {
"name" : "http://advisories.mageia.org/MGASA-2015-0040.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://advisories.mageia.org/MGASA-2015-0040.html" "name": "[oss-security] 20150117 Re: CVE request: file(1) DoS",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2015/01/17/9"
"name" : "GLSA-201503-08", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201503-08" "name": "USN-3686-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3686-1/"
"name" : "USN-3686-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3686-1/" "name": "[File] 20141216 file 5.21 is now available",
} "refsource": "MLIST",
] "url": "http://mx.gw.com/pipermail/file/2014/001654.html"
} },
} {
"name": "[File] 20150102 file 5.22 is now available",
"refsource": "MLIST",
"url": "http://mx.gw.com/pipermail/file/2015/001660.html"
},
{
"name": "GLSA-201503-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-08"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0040.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0040.html"
},
{
"name": "https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c",
"refsource": "CONFIRM",
"url": "https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c"
}
]
}
}

140
2014/9xxx/CVE-2014-9792.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2014-9792", "ID": "CVE-2014-9792",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769399 and Qualcomm internal bug CR550606."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-07-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-07-01.html" "lang": "eng",
}, "value": "arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769399 and Qualcomm internal bug CR550606."
{ }
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a3e3dd9fc0a2699ae053ffd3efb52cdc73ad94cd", ]
"refsource" : "CONFIRM", },
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a3e3dd9fc0a2699ae053ffd3efb52cdc73ad94cd" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "91628", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91628" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a3e3dd9fc0a2699ae053ffd3efb52cdc73ad94cd",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a3e3dd9fc0a2699ae053ffd3efb52cdc73ad94cd"
},
{
"name": "91628",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91628"
},
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}

34
2016/2xxx/CVE-2016-2241.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2241", "ID": "CVE-2016-2241",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2016/2xxx/CVE-2016-2567.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2567", "ID": "CVE-2016-2567",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an \"exceptional URL\" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0003", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0003" "lang": "eng",
} "value": "secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an \"exceptional URL\" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0003",
"refsource": "MISC",
"url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0003"
}
]
}
}

34
2016/2xxx/CVE-2016-2759.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-2759", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-2759",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

140
2016/6xxx/CVE-2016-6038.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2016-6038", "ID": "CVE-2016-6038",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://aix.software.ibm.com/aix/efixes/security/pconsole_mitigation.asc", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://aix.software.ibm.com/aix/efixes/security/pconsole_mitigation.asc" "lang": "eng",
}, "value": "Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL."
{ }
"name" : "93180", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/93180" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1036887", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036887" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "93180",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93180"
},
{
"name": "1036887",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036887"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/pconsole_mitigation.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/pconsole_mitigation.asc"
}
]
}
}

130
2016/6xxx/CVE-2016-6799.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"ID" : "CVE-2016-6799", "ID": "CVE-2016-6799",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache Cordova Android", "product_name": "Apache Cordova Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.2.2 and earlier" "version_value": "5.2.2 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[dev] 20170509 CVE-2016-6799: Internal system information leak", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.apache.org/thread.html/1f3e7b0319d64b455f73616f572acee36fbca31f87f5b2e509c45b69@%3Cdev.cordova.apache.org%3E" "lang": "eng",
}, "value": "Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications."
{ }
"name" : "98365", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98365" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98365"
},
{
"name": "[dev] 20170509 CVE-2016-6799: Internal system information leak",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/1f3e7b0319d64b455f73616f572acee36fbca31f87f5b2e509c45b69@%3Cdev.cordova.apache.org%3E"
}
]
}
}

34
2016/6xxx/CVE-2016-6862.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6862", "ID": "CVE-2016-6862",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

180
2016/6xxx/CVE-2016-6866.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6866", "ID": "CVE-2016-6866",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160818 CVE request - slock, all versions NULL pointer dereference", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/08/18/22" "lang": "eng",
}, "value": "slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash."
{ }
"name" : "[oss-security] 20160818 Re: CVE request - slock, all versions NULL pointer dereference", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/08/18/24" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://s1m0n.dft-labs.eu/files/slock/slock.txt", "description": [
"refsource" : "MISC", {
"url" : "http://s1m0n.dft-labs.eu/files/slock/slock.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29", ]
"refsource" : "CONFIRM", }
"url" : "http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29" ]
}, },
{ "references": {
"name" : "FEDORA-2016-1b7e66c08b", "reference_data": [
"refsource" : "FEDORA", {
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FYPV6QQPPYBL3Z2BYNYEJB67FSC55OR/" "name": "[oss-security] 20160818 Re: CVE request - slock, all versions NULL pointer dereference",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2016/08/18/24"
"name" : "FEDORA-2016-985b68721b", },
"refsource" : "FEDORA", {
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZPEJQNVODYSI4WQXM5GQKXRO7TPK2VG/" "name": "http://s1m0n.dft-labs.eu/files/slock/slock.txt",
}, "refsource": "MISC",
{ "url": "http://s1m0n.dft-labs.eu/files/slock/slock.txt"
"name" : "92546", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92546" "name": "FEDORA-2016-985b68721b",
} "refsource": "FEDORA",
] "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZPEJQNVODYSI4WQXM5GQKXRO7TPK2VG/"
} },
} {
"name": "[oss-security] 20160818 CVE request - slock, all versions NULL pointer dereference",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/22"
},
{
"name": "http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29",
"refsource": "CONFIRM",
"url": "http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29"
},
{
"name": "FEDORA-2016-1b7e66c08b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FYPV6QQPPYBL3Z2BYNYEJB67FSC55OR/"
},
{
"name": "92546",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92546"
}
]
}
}

130
2017/5xxx/CVE-2017-5170.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-5170", "ID": "CVE-2017-5170",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Moxa SoftNVR-IA Live Viewer", "product_name": "Moxa SoftNVR-IA Live Viewer",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Moxa SoftNVR-IA Live Viewer" "version_value": "Moxa SoftNVR-IA Live Viewer"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. The attacker needs to have administrative access to the default install location in order to plant the insecure DLL. Once loaded by the application, the DLL could run malicious code at the privilege level of the application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-427"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02" "lang": "eng",
}, "value": "An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. The attacker needs to have administrative access to the default install location in order to plant the insecure DLL. Once loaded by the application, the DLL could run malicious code at the privilege level of the application."
{ }
"name" : "100208", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100208" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100208"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02"
}
]
}
}

190
2017/5xxx/CVE-2017-5488.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5488", "ID": "CVE-2017-5488",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20170114 Re: CVE Request: Wordpress: 8 security issues in 4.7", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2017/01/14/6" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin."
{ }
"name" : "https://wpvulndb.com/vulnerabilities/8716", ]
"refsource" : "MISC", },
"url" : "https://wpvulndb.com/vulnerabilities/8716" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://codex.wordpress.org/Version_4.7.1", "description": [
"refsource" : "CONFIRM", {
"url" : "https://codex.wordpress.org/Version_4.7.1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/WordPress/WordPress/commit/c9ea1de1441bb3bda133bf72d513ca9de66566c2", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/WordPress/WordPress/commit/c9ea1de1441bb3bda133bf72d513ca9de66566c2" ]
}, },
{ "references": {
"name" : "https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/" "name": "95397",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/95397"
"name" : "DSA-3779", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3779" "name": "DSA-3779",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2017/dsa-3779"
"name" : "95397", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95397" "name": "https://wpvulndb.com/vulnerabilities/8716",
}, "refsource": "MISC",
{ "url": "https://wpvulndb.com/vulnerabilities/8716"
"name" : "1037591", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037591" "name": "https://codex.wordpress.org/Version_4.7.1",
} "refsource": "CONFIRM",
] "url": "https://codex.wordpress.org/Version_4.7.1"
} },
} {
"name": "[oss-security] 20170114 Re: CVE Request: Wordpress: 8 security issues in 4.7",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/14/6"
},
{
"name": "1037591",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037591"
},
{
"name": "https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/"
},
{
"name": "https://github.com/WordPress/WordPress/commit/c9ea1de1441bb3bda133bf72d513ca9de66566c2",
"refsource": "CONFIRM",
"url": "https://github.com/WordPress/WordPress/commit/c9ea1de1441bb3bda133bf72d513ca9de66566c2"
}
]
}
}

152
2017/5xxx/CVE-2017-5817.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-alert@hpe.com", "ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-07-21T00:00:00", "DATE_PUBLIC": "2017-07-21T00:00:00",
"ID" : "CVE-2017-5817", "ID": "CVE-2017-5817",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intelligent Management Center (iMC) PLAT", "product_name": "Intelligent Management Center (iMC) PLAT",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "PLAT 7.3 E0504P04" "version_value": "PLAT 7.3 E0504P04"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Hewlett Packard Enterprise" "vendor_name": "Hewlett Packard Enterprise"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43195", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43195/" "lang": "eng",
}, "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found."
{ }
"name" : "43492", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/43492/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us" "lang": "eng",
}, "value": "Remote Code Execution"
{ }
"name" : "1038478", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038478" ]
} },
] "references": {
} "reference_data": [
} {
"name": "43492",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43492/"
},
{
"name": "1038478",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038478"
},
{
"name": "43195",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43195/"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us"
}
]
}
}