admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:10:02 +00:00
parent 76e6fad05e
commit c89c5ab8ee
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
48 changed files with 3737 additions and 3737 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2006/0xxx/CVE-2006-0520.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0520", "ID": "CVE-2006-0520",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability index.php in Dragoran Portal module 1.3 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "16447", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16447" "lang": "eng",
}, "value": "SQL injection vulnerability index.php in Dragoran Portal module 1.3 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "ADV-2006-0396", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/0396" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "22851", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22851" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18664", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/18664" ]
}, },
{ "references": {
"name" : "portal-index-sql-injection(24404)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24404" "name": "ADV-2006-0396",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/0396"
} },
} {
"name": "16447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16447"
},
{
"name": "22851",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22851"
},
{
"name": "portal-index-sql-injection(24404)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24404"
},
{
"name": "18664",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18664"
}
]
}
}

160
2006/0xxx/CVE-2006-0592.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0592", "ID": "CVE-2006-0592",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Lexmark Printer Sharing LexBce Server Service (LexPPS), possibly 8.29 and 9.41, allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based on a vague initial disclosure; details will be updated after the grace period has ended."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060207 High Risk Vulnerability in Lexmark Printer Sharing Service", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/424273/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in the Lexmark Printer Sharing LexBce Server Service (LexPPS), possibly 8.29 and 9.41, allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based on a vague initial disclosure; details will be updated after the grace period has ended."
{ }
"name" : "ADV-2006-0481", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/0481" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1015593", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015593" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18744", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/18744" ]
}, },
{ "references": {
"name" : "lexmark-lexpps-code-execution(24581)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24581" "name": "1015593",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1015593"
} },
} {
"name": "ADV-2006-0481",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0481"
},
{
"name": "20060207 High Risk Vulnerability in Lexmark Printer Sharing Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424273/100/0/threaded"
},
{
"name": "18744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18744"
},
{
"name": "lexmark-lexpps-code-execution(24581)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24581"
}
]
}
}

180
2006/0xxx/CVE-2006-0686.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0686", "ID": "CVE-2006-0686",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060211 RS-2006-1: Multiple flaws in VHCS 2.x", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/424816/100/0/threaded" "lang": "eng",
}, "value": "add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access."
{ }
"name" : "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt", ]
"refsource" : "MISC", },
"url" : "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16600", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16600" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0534", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0534" ]
}, },
{ "references": {
"name" : "18799", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18799" "name": "430",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/430"
"name" : "430", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/430" "name": "vhcs-adduser-privilege-escalation(24667)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24667"
"name" : "vhcs-adduser-privilege-escalation(24667)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24667" "name": "18799",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/18799"
} },
} {
"name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded"
},
{
"name": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt",
"refsource": "MISC",
"url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt"
},
{
"name": "16600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16600"
},
{
"name": "ADV-2006-0534",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0534"
}
]
}
}

160
2006/0xxx/CVE-2006-0966.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0966", "ID": "CVE-2006-0966",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a large number of arguments to ncprwsnt.exe, possibly due to a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060301 NCP VPN/PKI Client - various Bugs", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/426480/100/0/threaded" "lang": "eng",
}, "value": "NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a large number of arguments to ncprwsnt.exe, possibly due to a buffer overflow."
{ }
"name" : "20060301 NCP VPN/PKI Client - various Bugs", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042640.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16906", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16906" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19082", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/19082" ]
}, },
{ "references": {
"name" : "ncp-ncprwsnt-dos(25248)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25248" "name": "ncp-ncprwsnt-dos(25248)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25248"
} },
} {
"name": "16906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16906"
},
{
"name": "20060301 NCP VPN/PKI Client - various Bugs",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426480/100/0/threaded"
},
{
"name": "19082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19082"
},
{
"name": "20060301 NCP VPN/PKI Client - various Bugs",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042640.html"
}
]
}
}

130
2006/0xxx/CVE-2006-0969.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0969", "ID": "CVE-2006-0969",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in Top sites de PixelArtKingdom allows remote attackers to include and execute arbitrary files via the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060227 PixelArtKingdom TopSites Remote Command Exucetion", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/426249/100/0/threaded" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in index.php in Top sites de PixelArtKingdom allows remote attackers to include and execute arbitrary files via the page parameter."
{ }
"name" : "507", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/507" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "507",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/507"
},
{
"name": "20060227 PixelArtKingdom TopSites Remote Command Exucetion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426249/100/0/threaded"
}
]
}
}

210
2006/1xxx/CVE-2006-1154.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1154", "ID": "CVE-2006-1154",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in archive.php in Fantastic News 2.1.2 allows remote attackers to include arbitrary files via the CONFIG[script_path] variable. NOTE: 2.1.4 was also reported to be vulnerable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sx02.coresec.de/advisories/152.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://sx02.coresec.de/advisories/152.txt" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in archive.php in Fantastic News 2.1.2 allows remote attackers to include arbitrary files via the CONFIG[script_path] variable. NOTE: 2.1.4 was also reported to be vulnerable."
{ }
"name" : "3027", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/3027" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16985", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16985" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21796", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/21796" ]
}, },
{ "references": {
"name" : "ADV-2006-0826", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0826" "name": "21807",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21807"
"name" : "ADV-2006-3513", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3513" "name": "ADV-2006-3513",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3513"
"name" : "21807", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21807" "name": "23519",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23519"
"name" : "23519", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23519" "name": "fantasticnews-configscriptpath-file-include(31121)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31121"
"name" : "fantasticnews-archive-file-include(25064)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25064" "name": "ADV-2006-0826",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0826"
"name" : "fantasticnews-configscriptpath-file-include(31121)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31121" "name": "fantasticnews-archive-file-include(25064)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25064"
} },
} {
"name": "3027",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3027"
},
{
"name": "http://sx02.coresec.de/advisories/152.txt",
"refsource": "MISC",
"url": "http://sx02.coresec.de/advisories/152.txt"
},
{
"name": "21796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21796"
},
{
"name": "16985",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16985"
}
]
}
}

160
2006/1xxx/CVE-2006-1642.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1642", "ID": "CVE-2006-1642",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm_password parameters to (b) userinput.php. NOTE: the provenance of this information is unknown; the details are obtained from third party. In addition, the lack of precision in the third party descriptions makes it unclear whether the named vectors are correct."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ADV-2006-1244", "description_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1244" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm_password parameters to (b) userinput.php. NOTE: the provenance of this information is unknown; the details are obtained from third party. In addition, the lack of precision in the third party descriptions makes it unclear whether the named vectors are correct."
{ }
"name" : "24389", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/24389" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "24461", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/24461" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19488", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/19488" ]
}, },
{ "references": {
"name" : "interact-search-xss(25652)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25652" "name": "19488",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/19488"
} },
} {
"name": "24461",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24461"
},
{
"name": "interact-search-xss(25652)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25652"
},
{
"name": "24389",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24389"
},
{
"name": "ADV-2006-1244",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1244"
}
]
}
}

160
2006/3xxx/CVE-2006-3284.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3284", "ID": "CVE-2006-3284",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060622 Dating Agent PRO 4.7.1 Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/438160/100/100/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php."
{ }
"name" : "ADV-2006-2536", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/2536" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20833", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20833" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1164", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/1164" ]
}, },
{ "references": {
"name" : "datingagent-index-xss(27343)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27343" "name": "20833",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/20833"
} },
} {
"name": "1164",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1164"
},
{
"name": "20060622 Dating Agent PRO 4.7.1 Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438160/100/100/threaded"
},
{
"name": "ADV-2006-2536",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2536"
},
{
"name": "datingagent-index-xss(27343)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27343"
}
]
}
}

150
2006/3xxx/CVE-2006-3332.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3332", "ID": "CVE-2006-3332",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to execute arbitrary SQL commands via the (1) offset, (2) tid, (3) fromid, (4) sortby, (5) fromfrommethod, and (6) fromfromlist parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2006/06/zorum-forum-35-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2006/06/zorum-forum-35-vuln.html" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to execute arbitrary SQL commands via the (1) offset, (2) tid, (3) fromid, (4) sortby, (5) fromfrommethod, and (6) fromfromlist parameters."
{ }
"name" : "18681", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18681" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1016386", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016386" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "zorum-index-sql-injection(24372)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24372" ]
} },
] "references": {
} "reference_data": [
} {
"name": "18681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18681"
},
{
"name": "zorum-index-sql-injection(24372)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24372"
},
{
"name": "http://pridels0.blogspot.com/2006/06/zorum-forum-35-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/zorum-forum-35-vuln.html"
},
{
"name": "1016386",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016386"
}
]
}
}

200
2006/3xxx/CVE-2006-3876.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2006-3876", "ID": "CVE-2006-3876",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBST02161", "description_data": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694."
{ }
"name" : "SSRT061264", ]
"refsource" : "HP", },
"url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS06-058", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#938196", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/938196" ]
}, },
{ "references": {
"name" : "20322", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20322" "name": "SSRT061264",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
"name" : "ADV-2006-3977", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3977" "name": "VU#938196",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/938196"
"name" : "29447", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/29447" "name": "oval:org.mitre.oval:def:453",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A453"
"name" : "oval:org.mitre.oval:def:453", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A453" "name": "20322",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/20322"
"name" : "1017030", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017030" "name": "HPSBST02161",
} "refsource": "HP",
] "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
} },
} {
"name": "ADV-2006-3977",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3977"
},
{
"name": "29447",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29447"
},
{
"name": "MS06-058",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
},
{
"name": "1017030",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017030"
}
]
}
}

170
2006/4xxx/CVE-2006-4760.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4760", "ID": "CVE-2006-4760",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero and Tobias Eichert RSSOwl allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.cgisecurity.com/papers/RSS-Security.ppt", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.cgisecurity.com/papers/RSS-Security.ppt" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero and Tobias Eichert RSSOwl allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite."
{ }
"name" : "http://downloads.sourceforge.net/project/rssowl/rssowl%20classic%201.0%20%28do%20not%20use%29/1.2.3/rssowl_1_2_3_src.zip", ]
"refsource" : "CONFIRM", },
"url" : "http://downloads.sourceforge.net/project/rssowl/rssowl%20classic%201.0%20%28do%20not%20use%29/1.2.3/rssowl_1_2_3_src.zip" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20110", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20110" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-3685", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/3685" ]
}, },
{ "references": {
"name" : "21958", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21958" "name": "rssowl-atom-feed-xss(29049)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29049"
"name" : "rssowl-atom-feed-xss(29049)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29049" "name": "ADV-2006-3685",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/3685"
} },
} {
"name": "http://www.cgisecurity.com/papers/RSS-Security.ppt",
"refsource": "MISC",
"url": "http://www.cgisecurity.com/papers/RSS-Security.ppt"
},
{
"name": "21958",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21958"
},
{
"name": "http://downloads.sourceforge.net/project/rssowl/rssowl%20classic%201.0%20%28do%20not%20use%29/1.2.3/rssowl_1_2_3_src.zip",
"refsource": "CONFIRM",
"url": "http://downloads.sourceforge.net/project/rssowl/rssowl%20classic%201.0%20%28do%20not%20use%29/1.2.3/rssowl_1_2_3_src.zip"
},
{
"name": "20110",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20110"
}
]
}
}

410
2010/2xxx/CVE-2010-2182.json
View File

@ -1,207 +1,207 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2010-2182", "ID": "CVE-2010-2182",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html" "lang": "eng",
}, "value": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188."
{ }
"name" : "http://support.apple.com/kb/HT4435", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT4435" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2010-11-10-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201101-09", ]
"refsource" : "GENTOO", }
"url" : "http://security.gentoo.org/glsa/glsa-201101-09.xml" ]
}, },
{ "references": {
"name" : "HPSBMA02547", "reference_data": [
"refsource" : "HP", {
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" "name": "ADV-2011-0192",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0192"
"name" : "SSRT100179", },
"refsource" : "HP", {
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" "name": "oval:org.mitre.oval:def:6758",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6758"
"name" : "RHSA-2010:0464", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0464.html" "name": "ADV-2010-1421",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1421"
"name" : "RHSA-2010:0470", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0470.html" "name": "http://support.apple.com/kb/HT4435",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4435"
"name" : "SUSE-SA:2010:024", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html" "name": "40545",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40545"
"name" : "SUSE-SR:2010:013", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" "name": "adobe-flash-code-exec(59331)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59331"
"name" : "TLSA-2010-19", },
"refsource" : "TURBO", {
"url" : "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt" "name": "RHSA-2010:0464",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
"name" : "TA10-162A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-162A.html" "name": "ADV-2010-1793",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1793"
"name" : "40759", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/40759" "name": "43026",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43026"
"name" : "40794", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/40794" "name": "ADV-2010-1432",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1432"
"name" : "oval:org.mitre.oval:def:6758", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6758" "name": "GLSA-201101-09",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
"name" : "oval:org.mitre.oval:def:16283", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16283" "name": "TA10-162A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
"name" : "1024085", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024085" "name": "APPLE-SA-2010-11-10-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
"name" : "1024086", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024086" "name": "40759",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/40759"
"name" : "40144", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40144" "name": "oval:org.mitre.oval:def:16283",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16283"
"name" : "40545", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40545" "name": "1024085",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1024085"
"name" : "43026", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43026" "name": "SUSE-SR:2010:013",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
"name" : "ADV-2010-1453", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1453" "name": "1024086",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1024086"
"name" : "ADV-2010-1421", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1421" "name": "ADV-2010-1434",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1434"
"name" : "ADV-2010-1432", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1432" "name": "40794",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/40794"
"name" : "ADV-2010-1434", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1434" "name": "TLSA-2010-19",
}, "refsource": "TURBO",
{ "url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
"name" : "ADV-2010-1482", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1482" "name": "SSRT100179",
}, "refsource": "HP",
{ "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
"name" : "ADV-2010-1522", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1522" "name": "SUSE-SA:2010:024",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
"name" : "ADV-2010-1793", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1793" "name": "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
"name" : "ADV-2011-0192", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0192" "name": "40144",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40144"
"name" : "adobe-flash-code-exec(59331)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59331" "name": "RHSA-2010:0470",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
} },
} {
"name": "ADV-2010-1482",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1482"
},
{
"name": "HPSBMA02547",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "ADV-2010-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"name": "ADV-2010-1453",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1453"
}
]
}
}

170
2010/2xxx/CVE-2010-2339.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2339", "ID": "CVE-2010-2339",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admin/pages.php in Subdreamer CMS 3.x.x allows remote attackers to execute arbitrary SQL commands via the categoryids[] parameter in an update_pages action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100614 [MajorSecurity SA-073]Subdreamer CMS - SQL injection vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/511818" "lang": "eng",
}, "value": "SQL injection vulnerability in admin/pages.php in Subdreamer CMS 3.x.x allows remote attackers to execute arbitrary SQL commands via the categoryids[] parameter in an update_pages action."
{ }
"name" : "http://packetstormsecurity.org/1006-advisories/major_rls73.txt", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/1006-advisories/major_rls73.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.majorsecurity.net/subdreamer_cms_sql_injection.php", "description": [
"refsource" : "MISC", {
"url" : "http://www.majorsecurity.net/subdreamer_cms_sql_injection.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "40849", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/40849" ]
}, },
{ "references": {
"name" : "ADV-2010-1476", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1476" "name": "ADV-2010-1476",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1476"
"name" : "subdreamercms-pages-sql-injection(59441)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59441" "name": "40849",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/40849"
} },
} {
"name": "20100614 [MajorSecurity SA-073]Subdreamer CMS - SQL injection vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511818"
},
{
"name": "http://packetstormsecurity.org/1006-advisories/major_rls73.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1006-advisories/major_rls73.txt"
},
{
"name": "subdreamercms-pages-sql-injection(59441)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59441"
},
{
"name": "http://www.majorsecurity.net/subdreamer_cms_sql_injection.php",
"refsource": "MISC",
"url": "http://www.majorsecurity.net/subdreamer_cms_sql_injection.php"
}
]
}
}

130
2010/2xxx/CVE-2010-2409.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-2409", "ID": "CVE-2010-2409",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2395 and CVE-2010-2410."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2395 and CVE-2010-2410."
{ }
"name" : "TA10-287A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}

34
2010/2xxx/CVE-2010-2490.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2490", "ID": "CVE-2010-2490",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2010/2xxx/CVE-2010-2559.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2010-2559", "ID": "CVE-2010-2559",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability,\" a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS10-053", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053" "lang": "eng",
}, "value": "Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability,\" a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246."
{ }
"name" : "TA10-222A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:11984", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11984" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "TA10-222A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name": "oval:org.mitre.oval:def:11984",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11984"
},
{
"name": "MS10-053",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053"
}
]
}
}

130
2010/2xxx/CVE-2010-2789.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-2789", "ID": "CVE-2010-2789",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[mediawiki-announce] 20100728 MediaWiki security release: 1.16.0 and 1.15.5", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors."
{ }
"name" : "[oss-security] 20100729 Re: CVE request: mediawiki", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2010/07/29/4" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100729 Re: CVE request: mediawiki",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/07/29/4"
},
{
"name": "[mediawiki-announce] 20100728 MediaWiki security release: 1.16.0 and 1.15.5",
"refsource": "MLIST",
"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html"
}
]
}
}

130
2010/3xxx/CVE-2010-3031.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3031", "ID": "CVE-2010-3031",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other versions before ThinOS 6.5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the LPD service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.kb.cert.org/vuls/id/JALR-87AKR5", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.kb.cert.org/vuls/id/JALR-87AKR5" "lang": "eng",
}, "value": "Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other versions before ThinOS 6.5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the LPD service."
{ }
"name" : "VU#320233", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/320233" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/JALR-87AKR5",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/JALR-87AKR5"
},
{
"name": "VU#320233",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/320233"
}
]
}
}

260
2010/3xxx/CVE-2010-3072.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-3072", "ID": "CVE-2010-3072",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20100905 CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/09/05/2" "lang": "eng",
}, "value": "The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request."
{ }
"name" : "[oss-security] 20100907 Re: CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3)", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/09/07/7" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.squid-cache.org/Advisories/SQUID-2010_3.txt", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.squid-cache.org/Advisories/SQUID-2010_3.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch", ]
"refsource" : "CONFIRM", }
"url" : "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch" ]
}, },
{ "references": {
"name" : "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch" "name": "FEDORA-2010-14236",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=630444", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=630444" "name": "[oss-security] 20100905 CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3)",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/09/05/2"
"name" : "DSA-2111", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-2111" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=630444",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630444"
"name" : "FEDORA-2010-14222", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html" "name": "FEDORA-2010-14222",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html"
"name" : "FEDORA-2010-14236", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html" "name": "41298",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/41298"
"name" : "SUSE-SR:2010:019", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" "name": "ADV-2010-2433",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/2433"
"name" : "42982", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/42982" "name": "http://www.squid-cache.org/Advisories/SQUID-2010_3.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.squid-cache.org/Advisories/SQUID-2010_3.txt"
"name" : "41298", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41298" "name": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch",
}, "refsource": "CONFIRM",
{ "url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch"
"name" : "41477", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41477" "name": "41477",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/41477"
"name" : "41534", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41534" "name": "DSA-2111",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2010/dsa-2111"
"name" : "ADV-2010-2433", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2433" "name": "42982",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/42982"
} },
} {
"name": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch"
},
{
"name": "41534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41534"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name": "[oss-security] 20100907 Re: CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/07/7"
}
]
}
}

150
2010/3xxx/CVE-2010-3743.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3743", "ID": "CVE-2010-3743",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Visual Synapse HTTP Server 1.0 RC1 through RC3, and 0.60 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20101007 Syhunt Advisory: Visual Synapse HTTP Server Directory Traversal Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/514167/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in Visual Synapse HTTP Server 1.0 RC1 through RC3, and 0.60 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the URI."
{ }
"name" : "15216", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/15216" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.syhunt.com/advisories/?id=vs-httpd-dirtrav", "description": [
"refsource" : "MISC", {
"url" : "http://www.syhunt.com/advisories/?id=vs-httpd-dirtrav" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "43830", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/43830" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.syhunt.com/advisories/?id=vs-httpd-dirtrav",
"refsource": "MISC",
"url": "http://www.syhunt.com/advisories/?id=vs-httpd-dirtrav"
},
{
"name": "20101007 Syhunt Advisory: Visual Synapse HTTP Server Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514167/100/0/threaded"
},
{
"name": "43830",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43830"
},
{
"name": "15216",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15216"
}
]
}
}

340
2010/3xxx/CVE-2010-3777.json
View File

@ -1,172 +1,172 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3777", "ID": "CVE-2010-3777",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-74.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-74.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=599607", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=599607" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.avaya.com/css/P8/documents/100124650", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/css/P8/documents/100124650" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2010-18773", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html" ]
}, },
{ "references": {
"name" : "FEDORA-2010-18775", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html" "name": "SUSE-SA:2011:003",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html"
"name" : "FEDORA-2010-18777", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html" "name": "FEDORA-2010-18775",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html"
"name" : "FEDORA-2010-18778", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html" "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-74.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-74.html"
"name" : "FEDORA-2010-18890", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html" "name": "MDVSA-2010:258",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:258"
"name" : "FEDORA-2010-18920", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html" "name": "MDVSA-2010:251",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251"
"name" : "MDVSA-2010:251", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251" "name": "http://support.avaya.com/css/P8/documents/100124650",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/css/P8/documents/100124650"
"name" : "MDVSA-2010:258", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:258" "name": "RHSA-2010:0966",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0966.html"
"name" : "RHSA-2010:0966", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0966.html" "name": "USN-1019-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1019-1"
"name" : "RHSA-2010:0969", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0969.html" "name": "RHSA-2010:0969",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0969.html"
"name" : "SUSE-SA:2011:003", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html" "name": "42818",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42818"
"name" : "USN-1019-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1019-1" "name": "1024846",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1024846"
"name" : "USN-1020-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1020-1" "name": "oval:org.mitre.oval:def:12468",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12468"
"name" : "45348", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/45348" "name": "FEDORA-2010-18778",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html"
"name" : "oval:org.mitre.oval:def:12468", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12468" "name": "1024848",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1024848"
"name" : "1024846", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024846" "name": "FEDORA-2010-18920",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html"
"name" : "1024848", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024848" "name": "FEDORA-2010-18777",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html"
"name" : "42716", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42716" "name": "ADV-2011-0030",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0030"
"name" : "42818", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42818" "name": "FEDORA-2010-18890",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html"
"name" : "ADV-2011-0030", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0030" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=599607",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=599607"
} },
} {
"name": "45348",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45348"
},
{
"name": "42716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42716"
},
{
"name": "USN-1020-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1020-1"
},
{
"name": "FEDORA-2010-18773",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html"
}
]
}
}

140
2010/4xxx/CVE-2010-4382.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4382", "ID": "CVE-2010-4382",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allow remote attackers to have an unspecified impact via a crafted RealMedia file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://service.real.com/realplayer/security/12102010_player/en/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://service.real.com/realplayer/security/12102010_player/en/" "lang": "eng",
}, "value": "Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allow remote attackers to have an unspecified impact via a crafted RealMedia file."
{ }
"name" : "RHSA-2010:0981", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0981.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1024861", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024861" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0981",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0981.html"
},
{
"name": "1024861",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024861"
},
{
"name": "http://service.real.com/realplayer/security/12102010_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/12102010_player/en/"
}
]
}
}

140
2010/4xxx/CVE-2010-4756.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4756", "ID": "CVE-2010-4756",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)", "description_data": [
"refsource" : "SREASONRES", {
"url" : "http://securityreason.com/achievement_securityalert/89" "lang": "eng",
}, "value": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632."
{ }
"name" : "http://cxib.net/stuff/glob-0day.c", ]
"refsource" : "MISC", },
"url" : "http://cxib.net/stuff/glob-0day.c" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://securityreason.com/exploitalert/9223", "description": [
"refsource" : "MISC", {
"url" : "http://securityreason.com/exploitalert/9223" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/89"
},
{
"name": "http://securityreason.com/exploitalert/9223",
"refsource": "MISC",
"url": "http://securityreason.com/exploitalert/9223"
},
{
"name": "http://cxib.net/stuff/glob-0day.c",
"refsource": "MISC",
"url": "http://cxib.net/stuff/glob-0day.c"
}
]
}
}

130
2010/4xxx/CVE-2010-4761.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4761", "ID": "CVE-2010-4761",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the (1) responsible, (2) owner, (3) accounted time, (4) pending until, and (5) lock fields by reading this dialog."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.otrs.org/show_bug.cgi?id=5875", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.otrs.org/show_bug.cgi?id=5875" "lang": "eng",
}, "value": "The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the (1) responsible, (2) owner, (3) accounted time, (4) pending until, and (5) lock fields by reading this dialog."
{ }
"name" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807", ]
"refsource" : "CONFIRM", },
"url" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=5875",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=5875"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}

350
2011/1xxx/CVE-2011-1096.json
View File

@ -1,177 +1,177 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-1096", "ID": "CVE-2011-1096",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka \"character encoding pattern attack.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.de", "description_data": [
"refsource" : "MISC", {
"url" : "http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.de" "lang": "eng",
}, "value": "The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka \"character encoding pattern attack.\""
{ }
"name" : "http://coheigea.blogspot.com/2012/04/note-on-cve-2011-1096.html", ]
"refsource" : "MISC", },
"url" : "http://coheigea.blogspot.com/2012/04/note-on-cve-2011-1096.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://dl.acm.org/citation.cfm?id=2046756&dl=ACM&coll=DL", "description": [
"refsource" : "MISC", {
"url" : "http://dl.acm.org/citation.cfm?id=2046756&dl=ACM&coll=DL" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.csoonline.com/article/692366/widely-used-encryption-standard-is-insecure-say-experts", ]
"refsource" : "MISC", }
"url" : "http://www.csoonline.com/article/692366/widely-used-encryption-standard-is-insecure-say-experts" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=681916", "reference_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=681916" "name": "http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.de",
}, "refsource": "MISC",
{ "url": "http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.de"
"name" : "http://cxf.apache.org/note-on-cve-2011-1096.html", },
"refsource" : "CONFIRM", {
"url" : "http://cxf.apache.org/note-on-cve-2011-1096.html" "name": "http://cxf.apache.org/note-on-cve-2011-1096.html",
}, "refsource": "CONFIRM",
{ "url": "http://cxf.apache.org/note-on-cve-2011-1096.html"
"name" : "RHSA-2012:1301", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1301.html" "name": "RHSA-2012:1301",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1301.html"
"name" : "RHSA-2012:1344", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1344.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=681916",
}, "refsource": "MISC",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=681916"
"name" : "RHSA-2012:1330", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1330.html" "name": "RHSA-2013:0192",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"
"name" : "RHSA-2013:0191", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0191.html" "name": "RHSA-2013:0198",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"
"name" : "RHSA-2013:0192", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0192.html" "name": "http://coheigea.blogspot.com/2012/04/note-on-cve-2011-1096.html",
}, "refsource": "MISC",
{ "url": "http://coheigea.blogspot.com/2012/04/note-on-cve-2011-1096.html"
"name" : "RHSA-2013:0193", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0193.html" "name": "RHSA-2013:0195",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"
"name" : "RHSA-2013:0194", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0194.html" "name": "RHSA-2013:0221",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"
"name" : "RHSA-2013:0195", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0195.html" "name": "RHSA-2013:0196",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"
"name" : "RHSA-2013:0196", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0196.html" "name": "RHSA-2013:1437",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html"
"name" : "RHSA-2013:0197", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0197.html" "name": "RHSA-2013:0193",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"
"name" : "RHSA-2013:0198", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0198.html" "name": "55770",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/55770"
"name" : "RHSA-2013:0221", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0221.html" "name": "51984",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51984"
"name" : "RHSA-2013:0261", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0261.html" "name": "52054",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/52054"
"name" : "RHSA-2013:1437", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1437.html" "name": "jboss-web-services-cbc-info-disc(79031)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79031"
"name" : "55770", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/55770" "name": "RHSA-2012:1344",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1344.html"
"name" : "51984", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51984" "name": "RHSA-2013:0261",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0261.html"
"name" : "52054", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52054" "name": "RHSA-2013:0191",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"
"name" : "jboss-web-services-cbc-info-disc(79031)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79031" "name": "RHSA-2012:1330",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2012-1330.html"
} },
} {
"name": "RHSA-2013:0197",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html"
},
{
"name": "RHSA-2013:0194",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
},
{
"name": "http://dl.acm.org/citation.cfm?id=2046756&dl=ACM&coll=DL",
"refsource": "MISC",
"url": "http://dl.acm.org/citation.cfm?id=2046756&dl=ACM&coll=DL"
},
{
"name": "http://www.csoonline.com/article/692366/widely-used-encryption-standard-is-insecure-say-experts",
"refsource": "MISC",
"url": "http://www.csoonline.com/article/692366/widely-used-encryption-standard-is-insecure-say-experts"
}
]
}
}

150
2011/1xxx/CVE-2011-1442.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1442", "ID": "CVE-2011-1442",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 11.0.696.57 does not properly handle mutation events, which allows remote attackers to cause a denial of service (node tree corruption) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=75801", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=75801" "lang": "eng",
}, "value": "Google Chrome before 11.0.696.57 does not properly handle mutation events, which allows remote attackers to cause a denial of service (node tree corruption) or possibly have unspecified other impact via unknown vectors."
{ }
"name" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:13808", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13808" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "chrome-node-trees-code-execution(67149)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67149" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://code.google.com/p/chromium/issues/detail?id=75801",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=75801"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html"
},
{
"name": "chrome-node-trees-code-execution(67149)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67149"
},
{
"name": "oval:org.mitre.oval:def:13808",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13808"
}
]
}
}

140
2011/1xxx/CVE-2011-1967.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2011-1967", "ID": "CVE-2011-1967",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka \"CSRSS Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS11-063", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-063" "lang": "eng",
}, "value": "Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka \"CSRSS Vulnerability.\""
{ }
"name" : "TA11-221A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-221A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:12911", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12911" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS11-063",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-063"
},
{
"name": "oval:org.mitre.oval:def:12911",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12911"
},
{
"name": "TA11-221A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
}
]
}
}

160
2011/5xxx/CVE-2011-5010.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5010", "ID": "CVE-2011-5010",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a \"u\" action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18172", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18172" "lang": "eng",
}, "value": "apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a \"u\" action."
{ }
"name" : "http://dev.metasploit.com/redmine/issues/5610", ]
"refsource" : "MISC", },
"url" : "http://dev.metasploit.com/redmine/issues/5610" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "50867", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/50867" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "77497", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/77497" ]
}, },
{ "references": {
"name" : "47003", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47003" "name": "http://dev.metasploit.com/redmine/issues/5610",
} "refsource": "MISC",
] "url": "http://dev.metasploit.com/redmine/issues/5610"
} },
} {
"name": "50867",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50867"
},
{
"name": "77497",
"refsource": "OSVDB",
"url": "http://osvdb.org/77497"
},
{
"name": "47003",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47003"
},
{
"name": "18172",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18172"
}
]
}
}

34
2014/3xxx/CVE-2014-3028.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3028", "ID": "CVE-2014-3028",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2014/7xxx/CVE-2014-7140.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-7140", "ID": "CVE-2014-7140",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.citrix.com/article/CTX200206", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.citrix.com/article/CTX200206" "lang": "eng",
}, "value": "Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vectors."
{ }
"name" : "1031129", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1031129" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.citrix.com/article/CTX200206",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX200206"
},
{
"name": "1031129",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031129"
}
]
}
}

140
2014/7xxx/CVE-2014-7539.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7539", "ID": "CVE-2014-7539",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Zhang Zhijun Taiwan Visit 2014-06-25 (aka com.zizizzi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Zhang Zhijun Taiwan Visit 2014-06-25 (aka com.zizizzi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#372969", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/372969" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#372969",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/372969"
}
]
}
}

34
2014/8xxx/CVE-2014-8179.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8179", "ID": "CVE-2014-8179",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2014/8xxx/CVE-2014-8218.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-8218", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-8218",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

130
2014/8xxx/CVE-2014-8340.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8340", "ID": "CVE-2014-8340",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Php/Functions/log_function.php in phpTrafficA 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via a User-Agent HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141209 [CVE-2014-8340] phpTrafficA SQL injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/534184/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in Php/Functions/log_function.php in phpTrafficA 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via a User-Agent HTTP header."
{ }
"name" : "http://packetstormsecurity.com/files/129445/phpTrafficA-2.3-SQL-Injection.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/129445/phpTrafficA-2.3-SQL-Injection.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141209 [CVE-2014-8340] phpTrafficA SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534184/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/129445/phpTrafficA-2.3-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129445/phpTrafficA-2.3-SQL-Injection.html"
}
]
}
}

130
2014/8xxx/CVE-2014-8903.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-8903", "ID": "CVE-2014-8903",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21700098", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21700098" "lang": "eng",
}, "value": "IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors."
{ }
"name" : "73947", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/73947" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "73947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73947"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21700098",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700098"
}
]
}
}

170
2014/9xxx/CVE-2014-9066.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9066", "ID": "CVE-2014-9066",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20141208 Xen Security Advisory 114 (CVE-2014-9065,CVE-2014-9066) - p2m lock starvation", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/12/08/4" "lang": "eng",
}, "value": "Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065."
{ }
"name" : "http://xenbits.xen.org/xsa/advisory-114.html", ]
"refsource" : "CONFIRM", },
"url" : "http://xenbits.xen.org/xsa/advisory-114.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201504-04", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201504-04" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2015:0226", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2015:0256", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html" "name": "http://xenbits.xen.org/xsa/advisory-114.html",
}, "refsource": "CONFIRM",
{ "url": "http://xenbits.xen.org/xsa/advisory-114.html"
"name" : "71546", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/71546" "name": "GLSA-201504-04",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201504-04"
} },
} {
"name": "openSUSE-SU-2015:0226",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html"
},
{
"name": "71546",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71546"
},
{
"name": "openSUSE-SU-2015:0256",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html"
},
{
"name": "[oss-security] 20141208 Xen Security Advisory 114 (CVE-2014-9065,CVE-2014-9066) - p2m lock starvation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/12/08/4"
}
]
}
}

140
2014/9xxx/CVE-2014-9316.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9316", "ID": "CVE-2014-9316",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0eecf40935b22644e6cd74c586057237ecfd6844", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0eecf40935b22644e6cd74c586057237ecfd6844" "lang": "eng",
}, "value": "The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file."
{ }
"name" : "https://www.ffmpeg.org/security.html", ]
"refsource" : "CONFIRM", },
"url" : "https://www.ffmpeg.org/security.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201603-06", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201603-06" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0eecf40935b22644e6cd74c586057237ecfd6844",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0eecf40935b22644e6cd74c586057237ecfd6844"
},
{
"name": "GLSA-201603-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-06"
},
{
"name": "https://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "https://www.ffmpeg.org/security.html"
}
]
}
}

150
2016/2xxx/CVE-2016-2487.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-2487", "ID": "CVE-2016-2487",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27833616."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-06-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-06-01.html" "lang": "eng",
}, "value": "libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27833616."
{ }
"name" : "https://android.googlesource.com/platform/frameworks/av/+/4e32001e4196f39ddd0b86686ae0231c8f5ed944", ]
"refsource" : "CONFIRM", },
"url" : "https://android.googlesource.com/platform/frameworks/av/+/4e32001e4196f39ddd0b86686ae0231c8f5ed944" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://android.googlesource.com/platform/frameworks/av/+/918eeaa29d99d257282fafec931b4bda0e3bae12", "description": [
"refsource" : "CONFIRM", {
"url" : "https://android.googlesource.com/platform/frameworks/av/+/918eeaa29d99d257282fafec931b4bda0e3bae12" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://android.googlesource.com/platform/frameworks/av/+/d2f47191538837e796e2b10c1ff7e1ee35f6e0ab", ]
"refsource" : "CONFIRM", }
"url" : "https://android.googlesource.com/platform/frameworks/av/+/d2f47191538837e796e2b10c1ff7e1ee35f6e0ab" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://android.googlesource.com/platform/frameworks/av/+/d2f47191538837e796e2b10c1ff7e1ee35f6e0ab",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/d2f47191538837e796e2b10c1ff7e1ee35f6e0ab"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/4e32001e4196f39ddd0b86686ae0231c8f5ed944",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/4e32001e4196f39ddd0b86686ae0231c8f5ed944"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/918eeaa29d99d257282fafec931b4bda0e3bae12",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/918eeaa29d99d257282fafec931b4bda0e3bae12"
},
{
"name": "http://source.android.com/security/bulletin/2016-06-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-06-01.html"
}
]
}
}

200
2016/2xxx/CVE-2016-2532.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2532", "ID": "CVE-2016-2532",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.wireshark.org/security/wnpa-sec-2016-11.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.wireshark.org/security/wnpa-sec-2016-11.html" "lang": "eng",
}, "value": "The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet."
{ }
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12048", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12048" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4a2cd6c79ecbf2cb21f985f01ce1c1e3030285ec", "description": [
"refsource" : "CONFIRM", {
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4a2cd6c79ecbf2cb21f985f01ce1c1e3030285ec" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" ]
}, },
{ "references": {
"name" : "DSA-3516", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3516" "name": "openSUSE-SU-2016:0661",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00016.html"
"name" : "GLSA-201604-05", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201604-05" "name": "openSUSE-SU-2016:0660",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00015.html"
"name" : "openSUSE-SU-2016:0660", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00015.html" "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12048",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12048"
"name" : "openSUSE-SU-2016:0661", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00016.html" "name": "DSA-3516",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2016/dsa-3516"
"name" : "1035118", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035118" "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4a2cd6c79ecbf2cb21f985f01ce1c1e3030285ec",
} "refsource": "CONFIRM",
] "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4a2cd6c79ecbf2cb21f985f01ce1c1e3030285ec"
} },
} {
"name": "http://www.wireshark.org/security/wnpa-sec-2016-11.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2016-11.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "GLSA-201604-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201604-05"
},
{
"name": "1035118",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035118"
}
]
}
}

210
2016/6xxx/CVE-2016-6323.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-6323", "ID": "CVE-2016-6323",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160818 CVE-2016-6323: Missing unwind information on ARM EABI (32-bit) causes backtrace generation to hang", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/08/18/12" "lang": "eng",
}, "value": "The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation."
{ }
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=20435", ]
"refsource" : "CONFIRM", },
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=20435" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617", "description": [
"refsource" : "CONFIRM", {
"url" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", ]
"refsource" : "CONFIRM", }
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" ]
}, },
{ "references": {
"name" : "FEDORA-2016-57cba655d5", "reference_data": [
"refsource" : "FEDORA", {
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVWSAZVBTLALXF4SCBPDV3FY6J22DXLZ/" "name": "FEDORA-2016-87dde780b8",
}, "refsource": "FEDORA",
{ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WO7IMEYWZ2WTXGGMZBWWSDCUMFN63XOB/"
"name" : "FEDORA-2016-5f050a0a6d", },
"refsource" : "FEDORA", {
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KTXSOVCRDGBIB4WCIDAGYYUBESXZ4IGK/" "name": "92532",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/92532"
"name" : "FEDORA-2016-87dde780b8", },
"refsource" : "FEDORA", {
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WO7IMEYWZ2WTXGGMZBWWSDCUMFN63XOB/" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
"name" : "GLSA-201706-19", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201706-19" "name": "FEDORA-2016-5f050a0a6d",
}, "refsource": "FEDORA",
{ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KTXSOVCRDGBIB4WCIDAGYYUBESXZ4IGK/"
"name" : "openSUSE-SU-2016:2443", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-10/msg00009.html" "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=20435",
}, "refsource": "CONFIRM",
{ "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20435"
"name" : "92532", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92532" "name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617",
} "refsource": "CONFIRM",
] "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617"
} },
} {
"name": "GLSA-201706-19",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-19"
},
{
"name": "FEDORA-2016-57cba655d5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVWSAZVBTLALXF4SCBPDV3FY6J22DXLZ/"
},
{
"name": "[oss-security] 20160818 CVE-2016-6323: Missing unwind information on ARM EABI (32-bit) causes backtrace generation to hang",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/12"
},
{
"name": "openSUSE-SU-2016:2443",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00009.html"
}
]
}
}

150
2016/6xxx/CVE-2016-6382.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2016-6382", "ID": "CVE-2016-6382",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow remote attackers to cause a denial of service (device restart) via a malformed IPv6 Protocol Independent Multicast (PIM) register packet, aka Bug ID CSCuy16399."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04" "lang": "eng",
}, "value": "Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow remote attackers to cause a denial of service (device restart) via a malformed IPv6 Protocol Independent Multicast (PIM) register packet, aka Bug ID CSCuy16399."
{ }
"name" : "20160928 Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "93211", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93211" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1036914", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1036914" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1036914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036914"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04"
},
{
"name": "20160928 Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp"
},
{
"name": "93211",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93211"
}
]
}
}

162
2016/6xxx/CVE-2016-6545.json
View File

@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cert@cert.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2016-6545", "ID": "CVE-2016-6545",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "iTrack Easy does not use session cookies to maintain sessions and POSTs the users password over HTTPS for each request" "TITLE": "iTrack Easy does not use session cookies to maintain sessions and POSTs the users password over HTTPS for each request"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Easy", "product_name": "Easy",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "?", "affected": "?",
"version_value" : "N/A" "version_value": "N/A"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "iTrack" "vendor_name": "iTrack"
} }
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-613: Insufficient Session Expiration"
}
] ]
} }
] },
}, "credit": [
"references" : { {
"reference_data" : [ "lang": "eng",
{ "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
"name" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", }
"refsource" : "MISC", ],
"url" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/" "data_format": "MITRE",
}, "data_type": "CVE",
{ "data_version": "4.0",
"name" : "VU#974055", "description": {
"refsource" : "CERT-VN", "description_data": [
"url" : "https://www.kb.cert.org/vuls/id/974055" {
}, "lang": "eng",
{ "value": "Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password."
"name" : "93875", }
"refsource" : "BID", ]
"url" : "http://www.securityfocus.com/bid/93875" },
} "problemtype": {
] "problemtype_data": [
}, {
"source" : { "description": [
"discovery" : "UNKNOWN" {
} "lang": "eng",
} "value": "CWE-613: Insufficient Session Expiration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#974055",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/974055"
},
{
"name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name": "93875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93875"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

140
2016/6xxx/CVE-2016-6607.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6607", "ID": "CVE-2016-6607",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; When the MySQL server is running with a specially-crafted log_bin directive; Database tab; Replication feature; and Database search. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.phpmyadmin.net/security/PMASA-2016-30", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.phpmyadmin.net/security/PMASA-2016-30" "lang": "eng",
}, "value": "XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; When the MySQL server is running with a specially-crafted log_bin directive; Database tab; Replication feature; and Database search. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
{ }
"name" : "GLSA-201701-32", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201701-32" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "93257", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93257" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "93257",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93257"
},
{
"name": "https://www.phpmyadmin.net/security/PMASA-2016-30",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-30"
},
{
"name": "GLSA-201701-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-32"
}
]
}
}

160
2016/6xxx/CVE-2016-6717.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-6717", "ID": "CVE-2016-6717",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-4.4.4" "version_value": "Android-4.4.4"
}, },
{ {
"version_value" : "Android-5.0.2" "version_value": "Android-5.0.2"
}, },
{ {
"version_value" : "Android-5.1.1" "version_value": "Android-5.1.1"
}, },
{ {
"version_value" : "Android-6.0" "version_value": "Android-6.0"
}, },
{ {
"version_value" : "Android-6.0.1" "version_value": "Android-6.0.1"
}, },
{ {
"version_value" : "Android-7.0" "version_value": "Android-7.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability. Android ID: A-31350239."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2016-11-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2016-11-01.html" "lang": "eng",
}, "value": "An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability. Android ID: A-31350239."
{ }
"name" : "94178", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94178" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name": "94178",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94178"
}
]
}
}

34
2016/7xxx/CVE-2016-7058.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-7058", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-7058",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none."
} }
] ]
} }
} }

130
2016/7xxx/CVE-2016-7439.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7439", "ID": "CVE-2016-7439",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://wolfssl.com/wolfSSL/Blog/Entries/2016/9/26_wolfSSL_3.9.10_Vulnerability_Fixes.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://wolfssl.com/wolfSSL/Blog/Entries/2016/9/26_wolfSSL_3.9.10_Vulnerability_Fixes.html" "lang": "eng",
}, "value": "The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences."
{ }
"name" : "95050", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95050" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wolfssl.com/wolfSSL/Blog/Entries/2016/9/26_wolfSSL_3.9.10_Vulnerability_Fixes.html",
"refsource": "CONFIRM",
"url": "https://wolfssl.com/wolfSSL/Blog/Entries/2016/9/26_wolfSSL_3.9.10_Vulnerability_Fixes.html"
},
{
"name": "95050",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95050"
}
]
}
}

120
2017/5xxx/CVE-2017-5642.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"ID" : "CVE-2017-5642", "ID": "CVE-2017-5642",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache Ambari", "product_name": "Apache Ambari",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.4.0 through 2.4.2" "version_value": "2.4.0 through 2.4.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unprotected file permissions"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.0", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.0" "lang": "eng",
} "value": "During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unprotected file permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.0",
"refsource": "CONFIRM",
"url": "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.0"
}
]
}
}

132
2017/5xxx/CVE-2017-5821.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-alert@hpe.com", "ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-05-11T00:00:00", "DATE_PUBLIC": "2017-05-11T00:00:00",
"ID" : "CVE-2017-5821", "ID": "CVE-2017-5821",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intelligent Management Center (iMC) PLAT", "product_name": "Intelligent Management Center (iMC) PLAT",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "PLAT 7.3 E0504P04" "version_value": "PLAT 7.3 E0504P04"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Hewlett Packard Enterprise" "vendor_name": "Hewlett Packard Enterprise"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03746en_us", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03746en_us" "lang": "eng",
}, "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found."
{ }
"name" : "1038560", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1038560" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038560",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038560"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03746en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03746en_us"
}
]
}
}