admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:32:22 +00:00
parent 8017059825
commit ca5333b894
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
63 changed files with 4962 additions and 4962 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

268
2006/0xxx/CVE-2006-0052.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2006-0052", "ID": "CVE-2006-0052",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-1027", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1027" "lang": "eng",
}, "value": "The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary."
{ }
"name" : "MDKSA-2006:061", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:061" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2006:0486", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0486.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20060602-01-U", ]
"refsource" : "SGI", }
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" ]
}, },
{ "references": {
"name" : "SUSE-SR:2006:008", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_08_sr.html" "name": "19522",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19522"
"name" : "USN-267-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/267-1/" "name": "20782",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20782"
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358892", },
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358892" "name": "oval:org.mitre.oval:def:9475",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9475"
"name" : "17311", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17311" "name": "17311",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/17311"
"name" : "24367", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/24367" "name": "20624",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20624"
"name" : "oval:org.mitre.oval:def:9475", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9475" "name": "20060602-01-U",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc"
"name" : "1015851", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015851" "name": "DSA-1027",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1027"
"name" : "19545", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19545" "name": "RHSA-2006:0486",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0486.html"
"name" : "19522", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19522" "name": "SUSE-SR:2006:008",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_08_sr.html"
"name" : "19571", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19571" "name": "MDKSA-2006:061",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:061"
"name" : "20624", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20624" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358892",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358892"
"name" : "20782", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20782" "name": "1015851",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1015851"
} },
{
"name": "19545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19545"
},
{
"name": "19571",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19571"
},
{
"name": "USN-267-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/267-1/"
},
{
"name": "24367",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24367"
}
]
}
} }

32
2006/0xxx/CVE-2006-0092.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2006-0092", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2006-0092",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a duplicate of a SiteSuite issue that was also assigned CVE-2006-0158. Notes: All CVE users should consult CVE-2006-0992 and CVE-2006-0158 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a duplicate of a SiteSuite issue that was also assigned CVE-2006-0158. Notes: All CVE users should consult CVE-2006-0992 and CVE-2006-0158 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

168
2006/0xxx/CVE-2006-0098.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0098", "ID": "CVE-2006-0098",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[3.7] 20060105 008: SECURITY FIX: January 5, 2006", "description_data": [
"refsource" : "OPENBSD", {
"url" : "http://www.openbsd.org/errata37.html#fd" "lang": "eng",
}, "value": "The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/."
{ }
"name" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/008_fd.patch", ]
"refsource" : "MISC", },
"url" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/008_fd.patch" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16144", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16144" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22231", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/22231" ]
}, },
{ "references": {
"name" : "1015437", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015437" "name": "22231",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22231"
"name" : "18296", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18296" "name": "16144",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/16144"
} },
{
"name": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/008_fd.patch",
"refsource": "MISC",
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/008_fd.patch"
},
{
"name": "1015437",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015437"
},
{
"name": "[3.7] 20060105 008: SECURITY FIX: January 5, 2006",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata37.html#fd"
},
{
"name": "18296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18296"
}
]
}
} }

168
2006/0xxx/CVE-2006-0346.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0346", "ID": "CVE-2006-0346",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via a website field in a new comment to view.php, which is not properly handled in the comment function in functions.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060118 [eVuln] SaralBlog XSS & Multiple SQL Injection Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-01/0372.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via a website field in a new comment to view.php, which is not properly handled in the comment function in functions.php."
{ }
"name" : "http://evuln.com/vulns/40/summary.html", ]
"refsource" : "MISC", },
"url" : "http://evuln.com/vulns/40/summary.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16306", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16306" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "27907", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/27907" ]
}, },
{ "references": {
"name" : "1015517", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015517" "name": "16306",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16306"
"name" : "saralblog-view-xss(24219)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24219" "name": "saralblog-view-xss(24219)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24219"
} },
{
"name": "27907",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27907"
},
{
"name": "1015517",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015517"
},
{
"name": "20060118 [eVuln] SaralBlog XSS & Multiple SQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-01/0372.html"
},
{
"name": "http://evuln.com/vulns/40/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/40/summary.html"
}
]
}
} }

158
2006/0xxx/CVE-2006-0355.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0355", "ID": "CVE-2006-0355",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command and an NLST command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060114 [KAPDA::#21] - HomeFtp v1.1 Denial of Service", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/421869/100/0/threaded" "lang": "eng",
}, "value": "Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command and an NLST command."
{ }
"name" : "http://www.kapda.ir/advisory-202.html", ]
"refsource" : "MISC", },
"url" : "http://www.kapda.ir/advisory-202.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16238", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16238" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "350", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/350" ]
}, },
{ "references": {
"name" : "homeftp-long-command-dos(24152)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24152" "name": "homeftp-long-command-dos(24152)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24152"
} },
{
"name": "20060114 [KAPDA::#21] - HomeFtp v1.1 Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421869/100/0/threaded"
},
{
"name": "16238",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16238"
},
{
"name": "http://www.kapda.ir/advisory-202.html",
"refsource": "MISC",
"url": "http://www.kapda.ir/advisory-202.html"
},
{
"name": "350",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/350"
}
]
}
} }

158
2006/0xxx/CVE-2006-0664.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0664", "ID": "CVE-2006-0664",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-1133", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1133" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public."
{ }
"name" : "16561", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16561" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-0485", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0485" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21400", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/21400" ]
}, },
{ "references": {
"name" : "mantis-configdefaultsinc-xss(24585)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24585" "name": "mantis-configdefaultsinc-xss(24585)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24585"
} },
{
"name": "ADV-2006-0485",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name": "21400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "16561",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16561"
}
]
}
} }

148
2006/1xxx/CVE-2006-1076.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1076", "ID": "CVE-2006-1076",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote attackers to execute arbitrary SQL commands via the st parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060306 SQL injection in Invision Power Board v2.1.5", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/426875/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote attackers to execute arbitrary SQL commands via the st parameter."
{ }
"name" : "20060405 Re: SQL injection in Invision Power Board v2.1.5", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/430357/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16971", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16971" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "invision-index-sql-injection(25254)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25254" ]
} },
] "references": {
} "reference_data": [
{
"name": "invision-index-sql-injection(25254)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25254"
},
{
"name": "20060306 SQL injection in Invision Power Board v2.1.5",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426875/100/0/threaded"
},
{
"name": "16971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16971"
},
{
"name": "20060405 Re: SQL injection in Invision Power Board v2.1.5",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430357/100/0/threaded"
}
]
}
} }

168
2006/1xxx/CVE-2006-1159.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1159", "ID": "CVE-2006-1159",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the query string argument in an HTTP GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060309 Easy File Sharing Web Server Multiple Vulnerablilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/427158/100/0/threaded" "lang": "eng",
}, "value": "Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the query string argument in an HTTP GET request."
{ }
"name" : "17046", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/17046" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-0912", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0912" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "23792", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/23792" ]
}, },
{ "references": {
"name" : "19178", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19178" "name": "23792",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/23792"
"name" : "easyfilesharing-logging-dos(25135)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25135" "name": "ADV-2006-0912",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/0912"
} },
{
"name": "17046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17046"
},
{
"name": "19178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19178"
},
{
"name": "20060309 Easy File Sharing Web Server Multiple Vulnerablilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427158/100/0/threaded"
},
{
"name": "easyfilesharing-logging-dos(25135)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25135"
}
]
}
} }

198
2006/1xxx/CVE-2006-1462.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1462", "ID": "CVE-2006-1462",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime H.264 (M4V) video format file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/433831/100/0/threaded" "lang": "eng",
}, "value": "Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime H.264 (M4V) video format file."
{ }
"name" : "APPLE-SA-2006-05-11", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA06-132B", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-132B.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17953", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/17953" ]
}, },
{ "references": {
"name" : "ADV-2006-1778", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1778" "name": "20069",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20069"
"name" : "1016067", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016067" "name": "APPLE-SA-2006-05-11",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html"
"name" : "20069", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20069" "name": "1016067",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016067"
"name" : "887", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/887" "name": "TA06-132B",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA06-132B.html"
"name" : "quicktime-h264-overflow(26395)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26395" "name": "887",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/887"
} },
{
"name": "17953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17953"
},
{
"name": "ADV-2006-1778",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1778"
},
{
"name": "quicktime-h264-overflow(26395)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26395"
},
{
"name": "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433831/100/0/threaded"
}
]
}
} }

188
2006/1xxx/CVE-2006-1690.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1690", "ID": "CVE-2006-1690",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in subscribe.php in MWNewsletter 1.0.0b allows remote attackers to inject arbitrary web script or HTML via the user_name parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060421 [eVuln] MWNewsletter SQL Injection and XSS Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-04/0447.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in subscribe.php in MWNewsletter 1.0.0b allows remote attackers to inject arbitrary web script or HTML via the user_name parameter."
{ }
"name" : "http://evuln.com/vulns/123/summary.html", ]
"refsource" : "MISC", },
"url" : "http://evuln.com/vulns/123/summary.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17412", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17412" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-1270", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/1270" ]
}, },
{ "references": {
"name" : "24446", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/24446" "name": "752",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/752"
"name" : "19568", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19568" "name": "19568",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19568"
"name" : "752", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/752" "name": "ADV-2006-1270",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/1270"
"name" : "mwnewsletter-subscribe-xss(25684)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25684" "name": "mwnewsletter-subscribe-xss(25684)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25684"
} },
{
"name": "17412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17412"
},
{
"name": "24446",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24446"
},
{
"name": "20060421 [eVuln] MWNewsletter SQL Injection and XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0447.html"
},
{
"name": "http://evuln.com/vulns/123/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/123/summary.html"
}
]
}
} }

138
2006/1xxx/CVE-2006-1903.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1903", "ID": "CVE-2006-1903",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila allow remote attackers to inject arbitrary web script or HTML (1) via the referer parameter in sendMail, and via attributes of (2) the A element and certain other HTML elements in web pages edited with the editInBrowser module. NOTE: the msgReader$1 mode attack vector is already covered by CVE-2006-1769."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060414 manila.userland cross site scriptable", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/431058/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila allow remote attackers to inject arbitrary web script or HTML (1) via the referer parameter in sendMail, and via attributes of (2) the A element and certain other HTML elements in web pages edited with the editInBrowser module. NOTE: the msgReader$1 mode attack vector is already covered by CVE-2006-1769."
{ }
"name" : "17563", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/17563" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17565", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17565" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "17565",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17565"
},
{
"name": "17563",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17563"
},
{
"name": "20060414 manila.userland cross site scriptable",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431058/100/0/threaded"
}
]
}
} }

168
2006/4xxx/CVE-2006-4510.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4510", "ID": "CVE-2006-4510",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061022 Novell eDirectory evtFilteredMonitorEventsRequest Invalid Free Vulnerability", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=428" "lang": "eng",
}, "value": "The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory."
{ }
"name" : "20663", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20663" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4142", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4142" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1017104", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1017104" ]
}, },
{ "references": {
"name" : "22506", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22506" "name": "20663",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/20663"
"name" : "edirectory-eventsrequest-code-execution(29752)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29752" "name": "edirectory-eventsrequest-code-execution(29752)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29752"
} },
{
"name": "20061022 Novell eDirectory evtFilteredMonitorEventsRequest Invalid Free Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=428"
},
{
"name": "22506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22506"
},
{
"name": "1017104",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017104"
},
{
"name": "ADV-2006-4142",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4142"
}
]
}
} }

158
2006/4xxx/CVE-2006-4659.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4659", "ID": "CVE-2006-4659",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060907 SECURITY.NNOV: Panda Platinum Internet Security privilege escalation / bayesian filter control security vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/445479/100/0/threaded" "lang": "eng",
}, "value": "The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability."
{ }
"name" : "http://www.security.nnov.ru/advisories/pandais.asp", ]
"refsource" : "MISC", },
"url" : "http://www.security.nnov.ru/advisories/pandais.asp" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19891", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19891" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21769", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/21769" ]
}, },
{ "references": {
"name" : "1524", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1524" "name": "1524",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/1524"
} },
{
"name": "20060907 SECURITY.NNOV: Panda Platinum Internet Security privilege escalation / bayesian filter control security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445479/100/0/threaded"
},
{
"name": "19891",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19891"
},
{
"name": "http://www.security.nnov.ru/advisories/pandais.asp",
"refsource": "MISC",
"url": "http://www.security.nnov.ru/advisories/pandais.asp"
},
{
"name": "21769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21769"
}
]
}
} }

158
2006/4xxx/CVE-2006-4827.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4827", "ID": "CVE-2006-4827",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the art parameter to (1) admin.php, (2) chart.php, (3) modes.php, or (4) stats.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2359", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2359" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the art parameter to (1) admin.php, (2) chart.php, (3) modes.php, or (4) stats.php."
{ }
"name" : "20007", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20007" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-3594", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3594" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21914", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/21914" ]
}, },
{ "references": {
"name" : "downstat-art-file-include(28916)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28916" "name": "ADV-2006-3594",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/3594"
} },
{
"name": "2359",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2359"
},
{
"name": "20007",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20007"
},
{
"name": "21914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21914"
},
{
"name": "downstat-art-file-include(28916)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28916"
}
]
}
} }

178
2006/4xxx/CVE-2006-4832.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4832", "ID": "CVE-2006-4832",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via a long username."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060913 NetPerformer FRAD ACT Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/445883/100/0/threaded" "lang": "eng",
}, "value": "Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via a long username."
{ }
"name" : "20060913 NetPerformer FRAD ACT Multiple Vulnerabilities", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049434.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19989", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19989" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-3605", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/3605" ]
}, },
{ "references": {
"name" : "21876", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21876" "name": "21876",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21876"
"name" : "1583", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1583" "name": "1583",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1583"
"name" : "netperformer-telnet-username-bo(28908)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28908" "name": "20060913 NetPerformer FRAD ACT Multiple Vulnerabilities",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/445883/100/0/threaded"
} },
{
"name": "ADV-2006-3605",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3605"
},
{
"name": "20060913 NetPerformer FRAD ACT Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049434.html"
},
{
"name": "netperformer-telnet-username-bo(28908)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28908"
},
{
"name": "19989",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19989"
}
]
}
} }

248
2006/5xxx/CVE-2006-5332.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5332", "ID": "CVE-2006-5332",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in xdb.dbms_xdbz in the XMLDB component for Oracle Database 9.2.0.6 and 10.1.0.4 has unknown impact and remote authenticated attack vectors, aka Vuln# DB01. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB01 is for PL/SQL injection in the ENABLE_HIERARCHY_INTERNAL procedure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061018 Analysis of the Oracle October 2006 Critical Patch Update", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/449110/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in xdb.dbms_xdbz in the XMLDB component for Oracle Database 9.2.0.6 and 10.1.0.4 has unknown impact and remote authenticated attack vectors, aka Vuln# DB01. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB01 is for PL/SQL injection in the ENABLE_HIERARCHY_INTERNAL procedure."
{ }
"name" : "20061023 SQL Injection in package XDB.DBMS_XDBZ0", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/449510/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf", "description": [
"refsource" : "MISC", {
"url" : "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", ]
"refsource" : "MISC", }
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" ]
}, },
{ "references": {
"name" : "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_xdbz0.html", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_xdbz0.html" "name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html",
}, "refsource": "MISC",
{ "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" "name": "20588",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/20588"
"name" : "HPSBMA02133", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" "name": "HPSBMA02133",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
"name" : "SSRT061201", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html"
"name" : "TA06-291A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" "name": "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf",
}, "refsource": "MISC",
{ "url": "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf"
"name" : "VU#717140", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/717140" "name": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_xdbz0.html",
}, "refsource": "MISC",
{ "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_xdbz0.html"
"name" : "20588", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20588" "name": "20061023 SQL Injection in package XDB.DBMS_XDBZ0",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/449510/100/0/threaded"
"name" : "ADV-2006-4065", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4065" "name": "20061018 Analysis of the Oracle October 2006 Critical Patch Update",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/449110/100/0/threaded"
"name" : "1017077", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017077" "name": "SSRT061201",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
"name" : "22396", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22396" "name": "ADV-2006-4065",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/4065"
} },
{
"name": "VU#717140",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/717140"
},
{
"name": "22396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22396"
},
{
"name": "1017077",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017077"
},
{
"name": "TA06-291A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html"
}
]
}
} }

468
2010/0xxx/CVE-2010-0088.json
View File

@ -1,237 +1,237 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-0088", "ID": "CVE-2010-0088",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085."
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT4170", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4170" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT4171", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT4171" ]
}, },
{ "references": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" "name": "APPLE-SA-2010-05-18-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" "name": "HPSBMU02799",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
"name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" "name": "39317",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39317"
"name" : "APPLE-SA-2010-05-18-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" "name": "RHSA-2010:0383",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0383.html"
"name" : "APPLE-SA-2010-05-18-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" "name": "40545",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40545"
"name" : "HPSBMA02547", },
"refsource" : "HP", {
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" "name": "ADV-2010-1454",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1454"
"name" : "SSRT100179", },
"refsource" : "HP", {
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" "name": "39819",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39819"
"name" : "HPSBMU02799", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" "name": "oval:org.mitre.oval:def:14321",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14321"
"name" : "HPSBUX02524", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=127557596201693&w=2" "name": "ADV-2010-1107",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1107"
"name" : "SSRT100089", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=127557596201693&w=2" "name": "RHSA-2010:0338",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html"
"name" : "MDVSA-2010:084", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" "name": "ADV-2010-1793",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1793"
"name" : "RHSA-2010:0337", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0337.html" "name": "APPLE-SA-2010-05-18-2",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
"name" : "RHSA-2010:0338", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0338.html" "name": "SUSE-SR:2010:011",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
"name" : "RHSA-2010:0339", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0339.html" "name": "43308",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43308"
"name" : "RHSA-2010:0383", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0383.html" "name": "oval:org.mitre.oval:def:11173",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11173"
"name" : "RHSA-2010:0471", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0471.html" "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
"name" : "SUSE-SR:2010:008", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" "name": "SSRT100179",
}, "refsource": "HP",
{ "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
"name" : "SUSE-SR:2010:011", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" "name": "SSRT100089",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2"
"name" : "SUSE-SR:2010:017", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" "name": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html"
"name" : "USN-923-1", },
"refsource" : "UBUNTU", {
"url" : "http://ubuntu.com/usn/usn-923-1" "name": "RHSA-2010:0339",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html"
"name" : "oval:org.mitre.oval:def:11173", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11173" "name": "HPSBUX02524",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2"
"name" : "oval:org.mitre.oval:def:14321", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14321" "name": "39292",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39292"
"name" : "39292", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39292" "name": "http://support.apple.com/kb/HT4170",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4170"
"name" : "39317", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39317" "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
"name" : "39659", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39659" "name": "SUSE-SR:2010:008",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
"name" : "39819", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39819" "name": "39659",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39659"
"name" : "40545", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40545" "name": "RHSA-2010:0471",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0471.html"
"name" : "43308", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43308" "name": "SUSE-SR:2010:017",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
"name" : "ADV-2010-1107", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1107" "name": "USN-923-1",
}, "refsource": "UBUNTU",
{ "url": "http://ubuntu.com/usn/usn-923-1"
"name" : "ADV-2010-1191", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1191" "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
"name" : "ADV-2010-1454", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1454" "name": "RHSA-2010:0337",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html"
"name" : "ADV-2010-1793", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1793" "name": "HPSBMA02547",
} "refsource": "HP",
] "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
} },
{
"name": "http://support.apple.com/kb/HT4171",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4171"
},
{
"name": "MDVSA-2010:084",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "ADV-2010-1191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1191"
}
]
}
} }

128
2010/0xxx/CVE-2010-0154.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0154", "ID": "CVE-2010-0154",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the l parameter, related to an \"Insecure Direct Object Reference vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100912 MVSA-10-008 / CVE-2010-0154 - IBM Proventia Mail Security System - Insecure Direct Object Reference vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/513637/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the l parameter, related to an \"Insecure Direct Object Reference vulnerability.\""
{ }
"name" : "http://www.ventuneac.net/security-advisories/MVSA-10-008", ]
"refsource" : "MISC", },
"url" : "http://www.ventuneac.net/security-advisories/MVSA-10-008" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ventuneac.net/security-advisories/MVSA-10-008",
"refsource": "MISC",
"url": "http://www.ventuneac.net/security-advisories/MVSA-10-008"
},
{
"name": "20100912 MVSA-10-008 / CVE-2010-0154 - IBM Proventia Mail Security System - Insecure Direct Object Reference vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513637/100/0/threaded"
}
]
}
} }

148
2010/2xxx/CVE-2010-2310.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2310", "ID": "CVE-2010-2310",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SolarWinds TFTP Server 10.4.0.13 allows remote attackers to cause a denial of service (crash) via a long write request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "13836", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/13836" "lang": "eng",
}, "value": "SolarWinds TFTP Server 10.4.0.13 allows remote attackers to cause a denial of service (crash) via a long write request."
{ }
"name" : "40824", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/40824" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "65540", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/65540" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "solarwinds-read-dos(59419)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59419" ]
} },
] "references": {
} "reference_data": [
{
"name": "solarwinds-read-dos(59419)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59419"
},
{
"name": "13836",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13836"
},
{
"name": "65540",
"refsource": "OSVDB",
"url": "http://osvdb.org/65540"
},
{
"name": "40824",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40824"
}
]
}
} }

258
2010/2xxx/CVE-2010-2519.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-2519", "ID": "CVE-2010-2519",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[freetype] 20100712 FreeType 2.4.0 has been released", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html" "lang": "eng",
}, "value": "Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file."
{ }
"name" : "[oss-security] 20100713 Multiple bugs in freetype", ]
"refsource" : "MLIST", },
"url" : "http://marc.info/?l=oss-security&m=127905701201340&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20100714 Re: Multiple bugs in freetype", "description": [
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=oss-security&m=127909326909362&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5ef20c8c1d4de12a84b50ba497c2a358c90ec44b", ]
"refsource" : "CONFIRM", }
"url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5ef20c8c1d4de12a84b50ba497c2a358c90ec44b" ]
}, },
{ "references": {
"name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b2ea64bcc6c385a8e8318f9c759450a07df58b6d", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b2ea64bcc6c385a8e8318f9c759450a07df58b6d" "name": "USN-963-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-963-1"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=613194", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=613194" "name": "http://support.apple.com/kb/HT4435",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4435"
"name" : "https://savannah.nongnu.org/bugs/?30306", },
"refsource" : "CONFIRM", {
"url" : "https://savannah.nongnu.org/bugs/?30306" "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b2ea64bcc6c385a8e8318f9c759450a07df58b6d",
}, "refsource": "CONFIRM",
{ "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b2ea64bcc6c385a8e8318f9c759450a07df58b6d"
"name" : "http://support.apple.com/kb/HT4435", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4435" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=613194",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=613194"
"name" : "APPLE-SA-2010-11-10-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" "name": "[freetype] 20100712 FreeType 2.4.0 has been released",
}, "refsource": "MLIST",
{ "url": "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html"
"name" : "DSA-2070", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-2070" "name": "APPLE-SA-2010-11-10-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
"name" : "MDVSA-2010:137", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:137" "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5ef20c8c1d4de12a84b50ba497c2a358c90ec44b",
}, "refsource": "CONFIRM",
{ "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5ef20c8c1d4de12a84b50ba497c2a358c90ec44b"
"name" : "RHSA-2010:0578", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0578.html" "name": "[oss-security] 20100714 Re: Multiple bugs in freetype",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=oss-security&m=127909326909362&w=2"
"name" : "USN-963-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-963-1" "name": "https://savannah.nongnu.org/bugs/?30306",
}, "refsource": "CONFIRM",
{ "url": "https://savannah.nongnu.org/bugs/?30306"
"name" : "1024266", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024266" "name": "DSA-2070",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2010/dsa-2070"
"name" : "48951", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48951" "name": "[oss-security] 20100713 Multiple bugs in freetype",
} "refsource": "MLIST",
] "url": "http://marc.info/?l=oss-security&m=127905701201340&w=2"
} },
{
"name": "1024266",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024266"
},
{
"name": "RHSA-2010:0578",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0578.html"
},
{
"name": "MDVSA-2010:137",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:137"
},
{
"name": "48951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48951"
}
]
}
} }

248
2010/2xxx/CVE-2010-2568.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2010-2568", "ID": "CVE-2010-2568",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://isc.sans.edu/diary.html?storyid=9181", "description_data": [
"refsource" : "MISC", {
"url" : "http://isc.sans.edu/diary.html?storyid=9181" "lang": "eng",
}, "value": "Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems."
{ }
"name" : "http://isc.sans.edu/diary.html?storyid=9190", ]
"refsource" : "MISC", },
"url" : "http://isc.sans.edu/diary.html?storyid=9190" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/", "description": [
"refsource" : "MISC", {
"url" : "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.f-secure.com/weblog/archives/00001986.html", ]
"refsource" : "MISC", }
"url" : "http://www.f-secure.com/weblog/archives/00001986.html" ]
}, },
{ "references": {
"name" : "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf" "name": "TA10-222A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
"name" : "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm", },
"refsource" : "MISC", {
"url" : "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm" "name": "http://isc.sans.edu/diary.html?storyid=9181",
}, "refsource": "MISC",
{ "url": "http://isc.sans.edu/diary.html?storyid=9181"
"name" : "http://www.microsoft.com/technet/security/advisory/2286198.mspx", },
"refsource" : "CONFIRM", {
"url" : "http://www.microsoft.com/technet/security/advisory/2286198.mspx" "name": "oval:org.mitre.oval:def:11564",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564"
"name" : "MS10-046", },
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046" "name": "http://www.f-secure.com/weblog/archives/00001986.html",
}, "refsource": "MISC",
{ "url": "http://www.f-secure.com/weblog/archives/00001986.html"
"name" : "TA10-222A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" "name": "VU#940193",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/940193"
"name" : "VU#940193", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/940193" "name": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/",
}, "refsource": "MISC",
{ "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"
"name" : "41732", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/41732" "name": "40647",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40647"
"name" : "oval:org.mitre.oval:def:11564", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11564" "name": "http://www.microsoft.com/technet/security/advisory/2286198.mspx",
}, "refsource": "CONFIRM",
{ "url": "http://www.microsoft.com/technet/security/advisory/2286198.mspx"
"name" : "1024216", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024216" "name": "http://isc.sans.edu/diary.html?storyid=9190",
}, "refsource": "MISC",
{ "url": "http://isc.sans.edu/diary.html?storyid=9190"
"name" : "40647", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40647" "name": "41732",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/41732"
} },
{
"name": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf",
"refsource": "MISC",
"url": "http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf"
},
{
"name": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm",
"refsource": "MISC",
"url": "https://www.geoffchappell.com/notes/security/stuxnet/ctrlfldr.htm"
},
{
"name": "1024216",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024216"
},
{
"name": "MS10-046",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046"
}
]
}
} }

198
2010/2xxx/CVE-2010-2580.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2010-2580", "ID": "CVE-2010-2580",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an \"unhandled invalid parameter error.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100913 Secunia Research: MailEnable SMTP Service Two Denial of Service Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/513648/100/0/threaded" "lang": "eng",
}, "value": "The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an \"unhandled invalid parameter error.\""
{ }
"name" : "http://secunia.com/secunia_research/2010-112/", ]
"refsource" : "MISC", },
"url" : "http://secunia.com/secunia_research/2010-112/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.mailenable.com/Enterprise-ReleaseNotes.txt", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.mailenable.com/Enterprise-ReleaseNotes.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.mailenable.com/Professional-ReleaseNotes.txt", ]
"refsource" : "CONFIRM", }
"url" : "http://www.mailenable.com/Professional-ReleaseNotes.txt" ]
}, },
{ "references": {
"name" : "http://www.mailenable.com/Standard-ReleaseNotes.txt", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mailenable.com/Standard-ReleaseNotes.txt" "name": "http://www.mailenable.com/Standard-ReleaseNotes.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.mailenable.com/Standard-ReleaseNotes.txt"
"name" : "http://www.mailenable.com/hotfix/", },
"refsource" : "CONFIRM", {
"url" : "http://www.mailenable.com/hotfix/" "name": "1024427",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1024427"
"name" : "43182", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/43182" "name": "43182",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/43182"
"name" : "1024427", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024427" "name": "20100913 Secunia Research: MailEnable SMTP Service Two Denial of Service Vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/513648/100/0/threaded"
"name" : "41175", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41175" "name": "http://www.mailenable.com/Professional-ReleaseNotes.txt",
} "refsource": "CONFIRM",
] "url": "http://www.mailenable.com/Professional-ReleaseNotes.txt"
} },
{
"name": "http://www.mailenable.com/hotfix/",
"refsource": "CONFIRM",
"url": "http://www.mailenable.com/hotfix/"
},
{
"name": "http://secunia.com/secunia_research/2010-112/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-112/"
},
{
"name": "41175",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41175"
},
{
"name": "http://www.mailenable.com/Enterprise-ReleaseNotes.txt",
"refsource": "CONFIRM",
"url": "http://www.mailenable.com/Enterprise-ReleaseNotes.txt"
}
]
}
} }

228
2010/3xxx/CVE-2010-3053.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3053", "ID": "CVE-2010-3053",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019" "lang": "eng",
}, "value": "bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string."
{ }
"name" : "http://support.apple.com/kb/HT4435", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT4435" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT4456", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4456" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT4457", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT4457" ]
}, },
{ "references": {
"name" : "APPLE-SA-2010-11-10-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" "name": "ADV-2010-3045",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/3045"
"name" : "APPLE-SA-2010-11-22-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" "name": "http://support.apple.com/kb/HT4435",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4435"
"name" : "SUSE-SR:2010:019", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" "name": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019"
"name" : "42317", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42317" "name": "http://support.apple.com/kb/HT4457",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4457"
"name" : "42314", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42314" "name": "ADV-2010-3046",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/3046"
"name" : "48951", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48951" "name": "APPLE-SA-2010-11-10-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
"name" : "ADV-2010-3045", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3045" "name": "42317",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42317"
"name" : "ADV-2010-3046", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3046" "name": "42314",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/42314"
} },
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "48951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48951"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
} }

148
2010/3xxx/CVE-2010-3254.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3254", "ID": "CVE-2010-3254",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=51630", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=51630" "lang": "eng",
}, "value": "The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
{ }
"name" : "http://code.google.com/p/chromium/issues/detail?id=51739", ]
"refsource" : "CONFIRM", },
"url" : "http://code.google.com/p/chromium/issues/detail?id=51739" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:12119", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12119" ]
} },
] "references": {
} "reference_data": [
{
"name": "oval:org.mitre.oval:def:12119",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12119"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=51739",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=51739"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=51630",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=51630"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html"
}
]
}
} }

278
2010/3xxx/CVE-2010-3611.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2010-3611", "ID": "CVE-2010-3611",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.isc.org/software/dhcp/advisories/cve-2010-3611", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.isc.org/software/dhcp/advisories/cve-2010-3611" "lang": "eng",
}, "value": "ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=649877", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=649877" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2010-17303", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051287.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2010-17312", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050766.html" ]
}, },
{ "references": {
"name" : "MDVSA-2010:226", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:226" "name": "http://www.isc.org/software/dhcp/advisories/cve-2010-3611",
}, "refsource": "CONFIRM",
{ "url": "http://www.isc.org/software/dhcp/advisories/cve-2010-3611"
"name" : "RHSA-2010:0923", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0923.html" "name": "iscdhcp-relayforward-dos(62965)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62965"
"name" : "SUSE-SR:2010:021", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html" "name": "42082",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42082"
"name" : "VU#102047", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/102047" "name": "ADV-2010-2879",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/2879"
"name" : "44615", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/44615" "name": "MDVSA-2010:226",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:226"
"name" : "68999", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/68999" "name": "42345",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42345"
"name" : "42082", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42082" "name": "ADV-2010-3044",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/3044"
"name" : "42345", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42345" "name": "RHSA-2010:0923",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0923.html"
"name" : "42407", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42407" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=649877",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=649877"
"name" : "ADV-2010-2879", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2879" "name": "ADV-2010-3092",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/3092"
"name" : "ADV-2010-3044", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3044" "name": "FEDORA-2010-17312",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050766.html"
"name" : "ADV-2010-3092", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3092" "name": "44615",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/44615"
"name" : "iscdhcp-relayforward-dos(62965)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62965" "name": "68999",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/68999"
} },
{
"name": "SUSE-SR:2010:021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name": "42407",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42407"
},
{
"name": "FEDORA-2010-17303",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051287.html"
},
{
"name": "VU#102047",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/102047"
}
]
}
} }

178
2010/4xxx/CVE-2010-4460.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-4460", "ID": "CVE-2010-4460",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Fault Manager Daemon."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Fault Manager Daemon."
{ }
"name" : "45895", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/45895" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "70590", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/70590" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1024975", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1024975" ]
}, },
{ "references": {
"name" : "42984", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42984" "name": "solaris-fault-manager-priv-escalation(64804)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64804"
"name" : "ADV-2011-0151", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0151" "name": "42984",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42984"
"name" : "solaris-fault-manager-priv-escalation(64804)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64804" "name": "45895",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/45895"
} },
{
"name": "1024975",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024975"
},
{
"name": "70590",
"refsource": "OSVDB",
"url": "http://osvdb.org/70590"
},
{
"name": "ADV-2011-0151",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0151"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
}
]
}
} }

32
2010/4xxx/CVE-2010-4560.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2010-4560", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2010-4560",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-4669. Reason: This candidate is a duplicate of CVE-2010-4669. Notes: All CVE users should reference CVE-2010-4669 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-4669. Reason: This candidate is a duplicate of CVE-2010-4669. Notes: All CVE users should reference CVE-2010-4669 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

178
2010/4xxx/CVE-2010-4629.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4629", "ID": "CVE-2010-4629",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2010/10/08/7" "lang": "eng",
}, "value": "MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php."
{ }
"name" : "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2010/10/11/8" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12", "description": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2010/12/06/2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/", ]
"refsource" : "CONFIRM", }
"url" : "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/" ]
}, },
{ "references": {
"name" : "http://dev.mybboard.net/issues/722", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://dev.mybboard.net/issues/722" "name": "mybb-uid-values-dos(64513)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64513"
"name" : "http://dev.mybboard.net/projects/mybb/repository/revisions/4856", },
"refsource" : "CONFIRM", {
"url" : "http://dev.mybboard.net/projects/mybb/repository/revisions/4856" "name": "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/",
}, "refsource": "CONFIRM",
{ "url": "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/"
"name" : "mybb-uid-values-dos(64513)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64513" "name": "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12",
} "refsource": "MLIST",
] "url": "http://openwall.com/lists/oss-security/2010/10/08/7"
} },
{
"name": "http://dev.mybboard.net/projects/mybb/repository/revisions/4856",
"refsource": "CONFIRM",
"url": "http://dev.mybboard.net/projects/mybb/repository/revisions/4856"
},
{
"name": "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/10/11/8"
},
{
"name": "http://dev.mybboard.net/issues/722",
"refsource": "CONFIRM",
"url": "http://dev.mybboard.net/issues/722"
},
{
"name": "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/06/2"
}
]
}
} }

32
2010/4xxx/CVE-2010-4815.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4815", "ID": "CVE-2010-4815",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2011/1xxx/CVE-2011-1648.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1648", "ID": "CVE-2011-1648",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2011/1xxx/CVE-2011-1927.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-1927", "ID": "CVE-2011-1927",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ip_expire function in net/ipv4/ip_fragment.c in the Linux kernel before 2.6.39 does not properly construct ICMP_TIME_EXCEEDED packets after a timeout, which allows remote attackers to cause a denial of service (invalid pointer dereference) via crafted fragmented packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110518 Re: CVE request: kernel: net: ip_expire() must revalidate route", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/05/18/2" "lang": "eng",
}, "value": "The ip_expire function in net/ipv4/ip_fragment.c in the Linux kernel before 2.6.39 does not properly construct ICMP_TIME_EXCEEDED packets after a timeout, which allows remote attackers to cause a denial of service (invalid pointer dereference) via crafted fragmented packets."
{ }
"name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", ]
"refsource" : "CONFIRM", },
"url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=64f3b9e203bd06855072e295557dca1485a2ecba", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=64f3b9e203bd06855072e295557dca1485a2ecba" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/torvalds/linux/commit/64f3b9e203bd06855072e295557dca1485a2ecba", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/torvalds/linux/commit/64f3b9e203bd06855072e295557dca1485a2ecba" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/64f3b9e203bd06855072e295557dca1485a2ecba",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/64f3b9e203bd06855072e295557dca1485a2ecba"
},
{
"name": "[oss-security] 20110518 Re: CVE request: kernel: net: ip_expire() must revalidate route",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/05/18/2"
},
{
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39",
"refsource": "CONFIRM",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=64f3b9e203bd06855072e295557dca1485a2ecba",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=64f3b9e203bd06855072e295557dca1485a2ecba"
}
]
}
} }

32
2011/5xxx/CVE-2011-5282.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5282", "ID": "CVE-2011-5282",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2011/5xxx/CVE-2011-5290.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5290", "ID": "CVE-2011-5290",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SaveToFile method in the UniBasicPack.UniTextBox ActiveX control in UniBasic100_EDA1811C.ocx in IDrive Online Backup 3.4.0 allows remote attackers to write to arbitrary files via a pathname in the first argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.htbridge.com/advisory/HTB23025", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.htbridge.com/advisory/HTB23025" "lang": "eng",
} "value": "The SaveToFile method in the UniBasicPack.UniTextBox ActiveX control in UniBasic100_EDA1811C.ocx in IDrive Online Backup 3.4.0 allows remote attackers to write to arbitrary files via a pathname in the first argument."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23025",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23025"
}
]
}
} }

128
2014/3xxx/CVE-2014-3019.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-3019", "ID": "CVE-2014-3019",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to obtain blade and storage-pool access via a TELNET session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096774", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096774" "lang": "eng",
}, "value": "IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to obtain blade and storage-pool access via a TELNET session."
{ }
"name" : "ibm-bladecenter-cve20143019-sec-bypass(93054)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93054" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096774",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096774"
},
{
"name": "ibm-bladecenter-cve20143019-sec-bypass(93054)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93054"
}
]
}
} }

158
2014/3xxx/CVE-2014-3291.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-3291", "ID": "CVE-2014-3291",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling, aka Bug ID CSCuo12321."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34558", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34558" "lang": "eng",
}, "value": "Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling, aka Bug ID CSCuo12321."
{ }
"name" : "20140606 Cisco Wireless LAN Controller Cisco Discovery Protocol Denial of Service Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3291" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "67926", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/67926" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1030410", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1030410" ]
}, },
{ "references": {
"name" : "57895", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/57895" "name": "57895",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/57895"
} },
{
"name": "20140606 Cisco Wireless LAN Controller Cisco Discovery Protocol Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3291"
},
{
"name": "67926",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67926"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34558",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34558"
},
{
"name": "1030410",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030410"
}
]
}
} }

168
2014/3xxx/CVE-2014-3313.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-3313", "ID": "CVE-2014-3313",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34885", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34885" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582."
{ }
"name" : "20140708 Cisco Small Business SPA300 and SPA500 Series IP Phones Cross-Site Scripting Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "68464", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68464" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1030553", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1030553" ]
}, },
{ "references": {
"name" : "59808", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59808" "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34885",
}, "refsource": "CONFIRM",
{ "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34885"
"name" : "cisco-small-cve20143313-xss(94422)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94422" "name": "1030553",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1030553"
} },
{
"name": "68464",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68464"
},
{
"name": "cisco-small-cve20143313-xss(94422)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94422"
},
{
"name": "20140708 Cisco Small Business SPA300 and SPA500 Series IP Phones Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313"
},
{
"name": "59808",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59808"
}
]
}
} }

118
2014/3xxx/CVE-2014-3405.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-3405", "ID": "CVE-2014-3405",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct route-injection attacks via crafted RPL advertisements on an ANI interface, aka Bug ID CSCuq22673."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141009 Autonomic Networking Infrastructure Routing Protocol for Low-Power and Lossy Networks Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3405" "lang": "eng",
} "value": "Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct route-injection attacks via crafted RPL advertisements on an ANI interface, aka Bug ID CSCuq22673."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141009 Autonomic Networking Infrastructure Routing Protocol for Low-Power and Lossy Networks Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3405"
}
]
}
} }

198
2014/3xxx/CVE-2014-3434.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@symantec.com",
"ID" : "CVE-2014-3434", "ID": "CVE-2014-3434",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "34272", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/34272" "lang": "eng",
}, "value": "Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call."
{ }
"name" : "http://packetstormsecurity.com/files/127772/Symantec-Endpoint-Protection-11.x-12.x-Kernel-Pool-Overflow.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/127772/Symantec-Endpoint-Protection-11.x-12.x-Kernel-Pool-Overflow.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140804_00", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140804_00" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#252068", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/252068" ]
}, },
{ "references": {
"name" : "68946", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68946" "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140804_00",
}, "refsource": "CONFIRM",
{ "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140804_00"
"name" : "109663", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/109663" "name": "109663",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/109663"
"name" : "58996", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/58996" "name": "68946",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/68946"
"name" : "59697", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59697" "name": "symantec-endpoint-priv-escalation(95062)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95062"
"name" : "symantec-endpoint-priv-escalation(95062)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95062" "name": "VU#252068",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/252068"
} },
{
"name": "58996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58996"
},
{
"name": "59697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59697"
},
{
"name": "34272",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34272"
},
{
"name": "http://packetstormsecurity.com/files/127772/Symantec-Endpoint-Protection-11.x-12.x-Kernel-Pool-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127772/Symantec-Endpoint-Protection-11.x-12.x-Kernel-Pool-Overflow.html"
}
]
}
} }

188
2014/3xxx/CVE-2014-3689.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-3689", "ID": "CVE-2014-3689",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[Qemu-devel] 20141015 [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689", "description_data": [
"refsource" : "MLIST", {
"url" : "https://www.mail-archive.com/qemu-devel@nongnu.org/msg261580.html" "lang": "eng",
}, "value": "The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling."
{ }
"name" : "DSA-3066", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2014/dsa-3066" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3067", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-3067" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-2409-1", ]
"refsource" : "UBUNTU", }
"url" : "http://www.ubuntu.com/usn/USN-2409-1" ]
}, },
{ "references": {
"name" : "114397", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/114397" "name": "62144",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62144"
"name" : "60923", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60923" "name": "62143",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62143"
"name" : "62143", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62143" "name": "DSA-3067",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-3067"
"name" : "62144", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62144" "name": "[Qemu-devel] 20141015 [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689",
} "refsource": "MLIST",
] "url": "https://www.mail-archive.com/qemu-devel@nongnu.org/msg261580.html"
} },
{
"name": "USN-2409-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2409-1"
},
{
"name": "60923",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60923"
},
{
"name": "DSA-3066",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3066"
},
{
"name": "114397",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/114397"
}
]
}
} }

158
2014/4xxx/CVE-2014-4148.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2014-4148", "ID": "CVE-2014-4148",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka \"TrueType Font Parsing Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx" "lang": "eng",
}, "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka \"TrueType Font Parsing Remote Code Execution Vulnerability.\""
{ }
"name" : "MS14-058", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-058" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "70429", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/70429" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "60970", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/60970" ]
}, },
{ "references": {
"name" : "ms-kmd-cve20144148-code-exec(96995)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96995" "name": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx",
} "refsource": "CONFIRM",
] "url": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx"
} },
{
"name": "60970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60970"
},
{
"name": "70429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70429"
},
{
"name": "MS14-058",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-058"
},
{
"name": "ms-kmd-cve20144148-code-exec(96995)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96995"
}
]
}
} }

128
2014/4xxx/CVE-2014-4846.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4846", "ID": "CVE-2014-4846",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Meta Slider (ml-slider) plugin 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to wp-admin/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/127288/WordPress-ml-slider-2.5-Cross-Site-Scripting.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/127288/WordPress-ml-slider-2.5-Cross-Site-Scripting.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Meta Slider (ml-slider) plugin 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to wp-admin/admin.php."
{ }
"name" : "68283", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/68283" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68283",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68283"
},
{
"name": "http://packetstormsecurity.com/files/127288/WordPress-ml-slider-2.5-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127288/WordPress-ml-slider-2.5-Cross-Site-Scripting.html"
}
]
}
} }

138
2014/7xxx/CVE-2014-7530.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7530", "ID": "CVE-2014-7530",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PRIX IMPORT (aka com.myapphone.android.myapppriximport) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The PRIX IMPORT (aka com.myapphone.android.myapppriximport) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#192481", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/192481" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#192481",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/192481"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
} }

138
2014/7xxx/CVE-2014-7550.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7550", "ID": "CVE-2014-7550",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The basketball news & videos (aka com.basketbal.news.caesar) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The basketball news & videos (aka com.basketbal.news.caesar) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#463609", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/463609" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#463609",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/463609"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
} }

248
2014/8xxx/CVE-2014-8116.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-8116", "ID": "CVE-2014-8116",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20141216 file(1): multiple denial of service issues (resource consumption), CVE-2014-8116 and CVE-2014-8117", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2014/q4/1056" "lang": "eng",
}, "value": "The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities."
{ }
"name" : "https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b8", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b8" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6" ]
}, },
{ "references": {
"name" : "http://advisories.mageia.org/MGASA-2015-0040.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://advisories.mageia.org/MGASA-2015-0040.html" "name": "https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6"
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" "name": "61944",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/61944"
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
"name" : "FreeBSD-SA-14:28", },
"refsource" : "FREEBSD", {
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc" "name": "FreeBSD-SA-14:28",
}, "refsource": "FREEBSD",
{ "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"
"name" : "RHSA-2016:0760", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0760.html" "name": "71700",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/71700"
"name" : "USN-2494-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2494-1" "name": "RHSA-2016:0760",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
"name" : "71700", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/71700" "name": "https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b8",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b8"
"name" : "1031344", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031344" "name": "USN-2494-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2494-1"
"name" : "61944", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61944" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"name" : "62081", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62081" "name": "1031344",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1031344"
} },
{
"name": "62081",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62081"
},
{
"name": "[oss-security] 20141216 file(1): multiple denial of service issues (resource consumption), CVE-2014-8116 and CVE-2014-8117",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/1056"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0040.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0040.html"
},
{
"name": "https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog",
"refsource": "CONFIRM",
"url": "https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog"
}
]
}
} }

32
2014/8xxx/CVE-2014-8981.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-8981", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-8981",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

138
2014/9xxx/CVE-2014-9094.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9094", "ID": "CVE-2014-9094",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140714 XSS, FPD and RCE vulnerabilities in DZS Video Gallery for WordPress", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2014/Jul/65" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter."
{ }
"name" : "http://websecurity.com.ua/7152/", ]
"refsource" : "MISC", },
"url" : "http://websecurity.com.ua/7152/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "68525", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68525" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://websecurity.com.ua/7152/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/7152/"
},
{
"name": "20140714 XSS, FPD and RCE vulnerabilities in DZS Video Gallery for WordPress",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/65"
},
{
"name": "68525",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68525"
}
]
}
} }

32
2014/9xxx/CVE-2014-9125.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9125", "ID": "CVE-2014-9125",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2014/9xxx/CVE-2014-9166.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2014-9166", "ID": "CVE-2014-9166",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows attackers to cause a denial of service (resource consumption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://helpx.adobe.com/security/products/coldfusion/apsb14-29.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://helpx.adobe.com/security/products/coldfusion/apsb14-29.html" "lang": "eng",
} "value": "Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows attackers to cause a denial of service (resource consumption) via unspecified vectors."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://helpx.adobe.com/security/products/coldfusion/apsb14-29.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/coldfusion/apsb14-29.html"
}
]
}
} }

32
2014/9xxx/CVE-2014-9246.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-9246", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-9246",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9385, CVE-2014-9386. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-9385 and CVE-2014-9386 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9385, CVE-2014-9386. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-9385 and CVE-2014-9386 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

128
2014/9xxx/CVE-2014-9301.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9301", "ID": "CVE-2014-9301",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140716 SEC Consult SA-20140716-0 :: Multiple SSRF vulnerabilities in Alfresco Community Edition", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://seclists.org/bugtraq/2014/Jul/72" "lang": "eng",
}, "value": "Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter."
{ }
"name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-0_Alfresco_Community_Edition_Multiple_SSRF_vulnerabilities_v10.txt", ]
"refsource" : "MISC", },
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-0_Alfresco_Community_Edition_Multiple_SSRF_vulnerabilities_v10.txt" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140716 SEC Consult SA-20140716-0 :: Multiple SSRF vulnerabilities in Alfresco Community Edition",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Jul/72"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-0_Alfresco_Community_Edition_Multiple_SSRF_vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-0_Alfresco_Community_Edition_Multiple_SSRF_vulnerabilities_v10.txt"
}
]
}
} }

328
2014/9xxx/CVE-2014-9322.json
View File

@ -1,167 +1,167 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9322", "ID": "CVE-2014-9322",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "36266", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/36266" "lang": "eng",
}, "value": "arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space."
{ }
"name" : "[oss-security] 20141215 Linux kernel: multiple x86_64 vulnerabilities", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2014/12/15/6" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-170", "description": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-170" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f442be2fb22be02cafa606f1769fa1e6f894441", ]
"refsource" : "CONFIRM", }
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f442be2fb22be02cafa606f1769fa1e6f894441" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1172806", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1172806" "name": "USN-2491-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2491-1"
"name" : "https://github.com/torvalds/linux/commit/6f442be2fb22be02cafa606f1769fa1e6f894441", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/6f442be2fb22be02cafa606f1769fa1e6f894441" "name": "HPSBGN03285",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=142722450701342&w=2"
"name" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.5", },
"refsource" : "CONFIRM", {
"url" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.5" "name": "SUSE-SU-2015:0736",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
"name" : "https://help.joyent.com/entries/98788667-Security-Advisory-ZDI-CAN-3263-ZDI-CAN-3284-and-ZDI-CAN-3364-Vulnerabilities", },
"refsource" : "CONFIRM", {
"url" : "https://help.joyent.com/entries/98788667-Security-Advisory-ZDI-CAN-3263-ZDI-CAN-3284-and-ZDI-CAN-3364-Vulnerabilities" "name": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.5",
}, "refsource": "CONFIRM",
{ "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.5"
"name" : "http://source.android.com/security/bulletin/2016-04-02.html", },
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-04-02.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1172806",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172806"
"name" : "HPSBGN03282", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=142722544401658&w=2" "name": "RHSA-2015:0009",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-0009.html"
"name" : "HPSBGN03285", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=142722450701342&w=2" "name": "HPSBGN03282",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=142722544401658&w=2"
"name" : "RHSA-2014:1998", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1998.html" "name": "https://help.joyent.com/entries/98788667-Security-Advisory-ZDI-CAN-3263-ZDI-CAN-3284-and-ZDI-CAN-3364-Vulnerabilities",
}, "refsource": "CONFIRM",
{ "url": "https://help.joyent.com/entries/98788667-Security-Advisory-ZDI-CAN-3263-ZDI-CAN-3284-and-ZDI-CAN-3364-Vulnerabilities"
"name" : "RHSA-2014:2008", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-2008.html" "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-170",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-170"
"name" : "RHSA-2014:2028", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-2028.html" "name": "openSUSE-SU-2015:0566",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
"name" : "RHSA-2014:2031", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-2031.html" "name": "RHSA-2014:2008",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-2008.html"
"name" : "RHSA-2015:0009", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0009.html" "name": "https://github.com/torvalds/linux/commit/6f442be2fb22be02cafa606f1769fa1e6f894441",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/torvalds/linux/commit/6f442be2fb22be02cafa606f1769fa1e6f894441"
"name" : "openSUSE-SU-2015:0566", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" "name": "62336",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62336"
"name" : "SUSE-SU-2015:0812", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f442be2fb22be02cafa606f1769fa1e6f894441",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f442be2fb22be02cafa606f1769fa1e6f894441"
"name" : "SUSE-SU-2015:0736", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html" "name": "http://source.android.com/security/bulletin/2016-04-02.html",
}, "refsource": "CONFIRM",
{ "url": "http://source.android.com/security/bulletin/2016-04-02.html"
"name" : "USN-2491-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2491-1" "name": "RHSA-2014:1998",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-1998.html"
"name" : "115919", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/show/osvdb/115919" "name": "36266",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/36266"
"name" : "62336", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62336" "name": "RHSA-2014:2028",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2014-2028.html"
} },
{
"name": "RHSA-2014:2031",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-2031.html"
},
{
"name": "115919",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/115919"
},
{
"name": "[oss-security] 20141215 Linux kernel: multiple x86_64 vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/12/15/6"
},
{
"name": "SUSE-SU-2015:0812",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
}
]
}
} }

32
2016/2xxx/CVE-2016-2447.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-2447", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-2447",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4477. Reason: This candidate is a reservation duplicate of CVE-2016-4477. Notes: All CVE users should reference CVE-2016-4477 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4477. Reason: This candidate is a reservation duplicate of CVE-2016-4477. Notes: All CVE users should reference CVE-2016-4477 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

148
2016/6xxx/CVE-2016-6380.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2016-6380", "ID": "CVE-2016-6380",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload) via a crafted DNS response, aka Bug ID CSCup90532."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04" "lang": "eng",
}, "value": "The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload) via a crafted DNS response, aka Bug ID CSCup90532."
{ }
"name" : "20160928 Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "93201", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93201" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1036914", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1036914" ]
} },
] "references": {
} "reference_data": [
{
"name": "1036914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036914"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04"
},
{
"name": "20160928 Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns"
},
{
"name": "93201",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93201"
}
]
}
} }

160
2016/6xxx/CVE-2016-6547.json
View File

@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cert@cert.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2016-6547", "ID": "CVE-2016-6547",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Zizai Tech Nut stores the account password in cleartext" "TITLE": "Zizai Tech Nut stores the account password in cleartext"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Tech Nut Mobile Application", "product_name": "Tech Nut Mobile Application",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "?", "affected": "?",
"version_value" : "N/A" "version_value": "N/A"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Zizai Technology" "vendor_name": "Zizai Technology"
} }
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-313: Cleartext Storage in a File or on Disk"
}
] ]
} }
] },
}, "credit": [
"references" : { {
"reference_data" : [ "lang": "eng",
{ "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
"name" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", }
"refsource" : "MISC", ],
"url" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/" "data_format": "MITRE",
}, "data_type": "CVE",
{ "data_version": "4.0",
"name" : "VU#402847", "description": {
"refsource" : "CERT-VN", "description_data": [
"url" : "https://www.kb.cert.org/vuls/id/402847" {
}, "lang": "eng",
{ "value": "The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file."
"name" : "93877", }
"refsource" : "BID", ]
"url" : "https://www.securityfocus.com/bid/93877" },
} "problemtype": {
] "problemtype_data": [
}, {
"source" : { "description": [
"discovery" : "UNKNOWN" {
} "lang": "eng",
"value": "CWE-313: Cleartext Storage in a File or on Disk"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93877",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/93877"
},
{
"name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name": "VU#402847",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/402847"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
} }

198
2016/6xxx/CVE-2016-6808.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6808", "ID": "CVE-2016-6808",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20161011 [SECURITY] CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2016/Oct/44" "lang": "eng",
}, "value": "Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42."
{ }
"name" : "[oss-security] 20161006 [SECURITY] CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/10/06/4" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/139071/Apache-Tomcat-JK-ISAPI-Connector-1.2.41-Buffer-Overflow.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/139071/Apache-Tomcat-JK-ISAPI-Connector-1.2.41-Buffer-Overflow.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://tomcat.apache.org/security-jk.html", ]
"refsource" : "CONFIRM", }
"url" : "http://tomcat.apache.org/security-jk.html" ]
}, },
{ "references": {
"name" : "RHSA-2016:2957", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2957.html" "name": "1036969",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1036969"
"name" : "RHSA-2017:0193", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:0193" "name": "20161011 [SECURITY] CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2016/Oct/44"
"name" : "RHSA-2017:0194", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:0194" "name": "RHSA-2017:0194",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:0194"
"name" : "93429", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93429" "name": "93429",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/93429"
"name" : "1036969", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036969" "name": "RHSA-2017:0193",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2017:0193"
} },
{
"name": "RHSA-2016:2957",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "http://tomcat.apache.org/security-jk.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-jk.html"
},
{
"name": "http://packetstormsecurity.com/files/139071/Apache-Tomcat-JK-ISAPI-Connector-1.2.41-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/139071/Apache-Tomcat-JK-ISAPI-Connector-1.2.41-Buffer-Overflow.html"
},
{
"name": "[oss-security] 20161006 [SECURITY] CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/06/4"
}
]
}
} }

150
2016/6xxx/CVE-2016-6810.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2016-12-09T00:00:00", "DATE_PUBLIC": "2016-12-09T00:00:00",
"ID" : "CVE-2016-6810", "ID": "CVE-2016-6810",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache ActiveMQ", "product_name": "Apache ActiveMQ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0.0 to 5.14.1" "version_value": "5.0.0 to 5.14.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[users] 20161209 [ANNOUNCE] CVE-2016-6810: ActiveMQ Web Console - Cross-Site Scripting", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.apache.org/thread.html/924a3a27fad192d711436421e02977ff90d9fc0f298e1efe6757cfbc@%3Cusers.activemq.apache.org%3E" "lang": "eng",
}, "value": "In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation."
{ }
"name" : "http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcement.txt", ]
"refsource" : "CONFIRM", },
"url" : "http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcement.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "94882", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94882" "lang": "eng",
}, "value": "Cross-Site Scripting"
{ }
"name" : "1037475", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1037475" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcement.txt",
"refsource": "CONFIRM",
"url": "http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcement.txt"
},
{
"name": "1037475",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037475"
},
{
"name": "94882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94882"
},
{
"name": "[users] 20161209 [ANNOUNCE] CVE-2016-6810: ActiveMQ Web Console - Cross-Site Scripting",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/924a3a27fad192d711436421e02977ff90d9fc0f298e1efe6757cfbc@%3Cusers.activemq.apache.org%3E"
}
]
}
} }

128
2016/6xxx/CVE-2016-6899.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6899", "ID": "CVE-2016-6899",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSL encryption algorithm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-server-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-server-en" "lang": "eng",
}, "value": "The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSL encryption algorithm."
{ }
"name" : "92623", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/92623" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92623"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-server-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-server-en"
}
]
}
} }

158
2016/6xxx/CVE-2016-6989.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2016-6989", "ID": "CVE-2016-6989",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, and CVE-2016-6990."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html" "lang": "eng",
}, "value": "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, and CVE-2016-6990."
{ }
"name" : "GLSA-201610-10", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201610-10" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2016:2057", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2057.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "93490", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/93490" ]
}, },
{ "references": {
"name" : "1036985", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036985" "name": "GLSA-201610-10",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201610-10"
} },
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html"
},
{
"name": "93490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93490"
},
{
"name": "RHSA-2016:2057",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2057.html"
},
{
"name": "1036985",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036985"
}
]
}
} }

138
2016/7xxx/CVE-2016-7220.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2016-7220", "ID": "CVE-2016-7220",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Virtual Secure Mode in Microsoft Windows 10 allows local users to obtain sensitive information via a crafted application, aka \"Virtual Secure Mode Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS16-137", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-137" "lang": "eng",
}, "value": "Virtual Secure Mode in Microsoft Windows 10 allows local users to obtain sensitive information via a crafted application, aka \"Virtual Secure Mode Information Disclosure Vulnerability.\""
{ }
"name" : "94036", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94036" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037249", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037249" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1037249",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037249"
},
{
"name": "MS16-137",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-137"
},
{
"name": "94036",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94036"
}
]
}
} }

32
2016/7xxx/CVE-2016-7398.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7398", "ID": "CVE-2016-7398",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

178
2016/7xxx/CVE-2016-7656.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2016-7656", "ID": "CVE-2016-7656",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207421", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207421" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
{ }
"name" : "https://support.apple.com/HT207422", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT207422" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT207424", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207424" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT207427", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT207427" ]
}, },
{ "references": {
"name" : "GLSA-201706-15", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201706-15" "name": "https://support.apple.com/HT207427",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207427"
"name" : "94907", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94907" "name": "94907",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/94907"
"name" : "1037459", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037459" "name": "https://support.apple.com/HT207421",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/HT207421"
} },
{
"name": "1037459",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037459"
},
{
"name": "https://support.apple.com/HT207422",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207422"
},
{
"name": "GLSA-201706-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-15"
},
{
"name": "https://support.apple.com/HT207424",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207424"
}
]
}
} }

168
2016/7xxx/CVE-2016-7907.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-7907", "ID": "CVE-2016-7907",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161003 CVE request Qemu: net: inifinte loop in imx_fec_do_tx() function", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/10/03/1" "lang": "eng",
}, "value": "The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags."
{ }
"name" : "[oss-security] 20161003 Re: CVE request Qemu: net: inifinte loop in imx_fec_do_tx() function", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/10/03/4" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[qemu-devel] 20160922 [PATCH v2] net: imx: limit buffer descriptor count", "description": [
"refsource" : "MLIST", {
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05556.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201611-11", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201611-11" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2016:3237", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" "name": "[oss-security] 20161003 CVE request Qemu: net: inifinte loop in imx_fec_do_tx() function",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2016/10/03/1"
"name" : "93274", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93274" "name": "GLSA-201611-11",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201611-11"
} },
{
"name": "openSUSE-SU-2016:3237",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[qemu-devel] 20160922 [PATCH v2] net: imx: limit buffer descriptor count",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05556.html"
},
{
"name": "93274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93274"
},
{
"name": "[oss-security] 20161003 Re: CVE request Qemu: net: inifinte loop in imx_fec_do_tx() function",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/03/4"
}
]
}
} }

178
2017/5xxx/CVE-2017-5017.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2017-5017", "ID": "CVE-2017-5017",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Google Chrome prior to 56.0.2924.76 for Mac", "product_name": "Google Chrome prior to 56.0.2924.76 for Mac",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Google Chrome prior to 56.0.2924.76 for Mac" "version_value": "Google Chrome prior to 56.0.2924.76 for Mac"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html" "lang": "eng",
}, "value": "Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page."
{ }
"name" : "https://crbug.com/676975", ]
"refsource" : "CONFIRM", },
"url" : "https://crbug.com/676975" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3776", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3776" "lang": "eng",
}, "value": "information disclosure"
{ }
"name" : "GLSA-201701-66", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201701-66" ]
}, },
{ "references": {
"name" : "RHSA-2017:0206", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0206.html" "name": "95792",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/95792"
"name" : "95792", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95792" "name": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
}, "refsource": "CONFIRM",
{ "url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
"name" : "1037718", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037718" "name": "GLSA-201701-66",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201701-66"
} },
{
"name": "RHSA-2017:0206",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0206.html"
},
{
"name": "https://crbug.com/676975",
"refsource": "CONFIRM",
"url": "https://crbug.com/676975"
},
{
"name": "1037718",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037718"
},
{
"name": "DSA-3776",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3776"
}
]
}
} }