admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:42:44 +00:00
parent 0d5f7ed9e8
commit da46f359ab
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 4157 additions and 4157 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

168
2006/0xxx/CVE-2006-0122.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0122",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://osvdb.org/ref/22/22247-aquifer.txt",
"refsource" : "MISC",
"url" : "http://osvdb.org/ref/22/22247-aquifer.txt"
},
{
"name" : "20060124 vendor ack/fix: Aquifer CMS Index.asp Keyword Variable XSS (fwd)",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2006-January/000509.html"
},
{
"name" : "16162",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16162"
},
{
"name" : "ADV-2006-0074",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0074"
},
{
"name" : "22247",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22247"
},
{
"name" : "18326",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18326"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060124 vendor ack/fix: Aquifer CMS Index.asp Keyword Variable XSS (fwd)",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-January/000509.html"
},
{
"name": "18326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18326"
},
{
"name": "ADV-2006-0074",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0074"
},
{
"name": "http://osvdb.org/ref/22/22247-aquifer.txt",
"refsource": "MISC",
"url": "http://osvdb.org/ref/22/22247-aquifer.txt"
},
{
"name": "16162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16162"
},
{
"name": "22247",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22247"
}
]
}
}

158
2006/0xxx/CVE-2006-0446.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0446",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote privileged attackers to execute arbitrary commands as the web server via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/WeBWorKRelease2pt1pt4",
"refsource" : "CONFIRM",
"url" : "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/WeBWorKRelease2pt1pt4"
},
{
"name" : "16371",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16371"
},
{
"name" : "ADV-2006-0319",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0319"
},
{
"name" : "18594",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18594"
},
{
"name" : "webwork-unknown-command-execution(24322)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24322"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote privileged attackers to execute arbitrary commands as the web server via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0319",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0319"
},
{
"name": "16371",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16371"
},
{
"name": "18594",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18594"
},
{
"name": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/WeBWorKRelease2pt1pt4",
"refsource": "CONFIRM",
"url": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/WeBWorKRelease2pt1pt4"
},
{
"name": "webwork-unknown-command-execution(24322)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24322"
}
]
}
}

158
2006/0xxx/CVE-2006-0536.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0536",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. NOTE: some sources say that the affected parameter is \"date,\" but the demonstration URL shows that it is \"sort\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060203 Neomail Cross Site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423901/100/0/threaded"
},
{
"name" : "ADV-2006-0449",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0449"
},
{
"name" : "22978",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22978"
},
{
"name" : "1015581",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015581"
},
{
"name" : "neomail-neomail-script-xss(24470)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24470"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. NOTE: some sources say that the affected parameter is \"date,\" but the demonstration URL shows that it is \"sort\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060203 Neomail Cross Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423901/100/0/threaded"
},
{
"name": "1015581",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015581"
},
{
"name": "neomail-neomail-script-xss(24470)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24470"
},
{
"name": "ADV-2006-0449",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0449"
},
{
"name": "22978",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22978"
}
]
}
}

128
2006/0xxx/CVE-2006-0867.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0867",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in certain versions of South River (aka SRT) WebDrive, possibly version 6.08 build 1131 and version 8, allows remote attackers to cause a denial of service (application crash and persistent erratic behavior) via a long string in the name entry field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060222 South River WebDrive Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425785/100/0/threaded"
},
{
"name" : "webdrive-name-bo(24903)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24903"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in certain versions of South River (aka SRT) WebDrive, possibly version 6.08 build 1131 and version 8, allows remote attackers to cause a denial of service (application crash and persistent erratic behavior) via a long string in the name entry field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "webdrive-name-bo(24903)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24903"
},
{
"name": "20060222 South River WebDrive Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425785/100/0/threaded"
}
]
}
}

158
2006/1xxx/CVE-2006-1028.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1028",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to cause a denial of service (stressed file cache) by creating many files via filenames in the feed parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060302 JOOMLA CMS 1.0.7 DoS & path disclosing",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426538/100/0/threaded"
},
{
"name" : "http://www.joomla.org/content/view/938/78/",
"refsource" : "CONFIRM",
"url" : "http://www.joomla.org/content/view/938/78/"
},
{
"name" : "23817",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23817"
},
{
"name" : "19105",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19105"
},
{
"name" : "527",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/527"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to cause a denial of service (stressed file cache) by creating many files via filenames in the feed parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060302 JOOMLA CMS 1.0.7 DoS & path disclosing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426538/100/0/threaded"
},
{
"name": "19105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19105"
},
{
"name": "23817",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23817"
},
{
"name": "http://www.joomla.org/content/view/938/78/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/938/78/"
},
{
"name": "527",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/527"
}
]
}
}

178
2006/1xxx/CVE-2006-1163.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1163",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: it is possible that this issue is resultant from the directory traversal vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://hamid.ir/security/nodez.txt",
"refsource" : "MISC",
"url" : "http://hamid.ir/security/nodez.txt"
},
{
"name" : "17066",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17066"
},
{
"name" : "ADV-2006-0899",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0899"
},
{
"name" : "23776",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23776"
},
{
"name" : "1015747",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015747"
},
{
"name" : "19165",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19165"
},
{
"name" : "nodez-op-xss(25121)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25121"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: it is possible that this issue is resultant from the directory traversal vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19165"
},
{
"name": "17066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17066"
},
{
"name": "http://hamid.ir/security/nodez.txt",
"refsource": "MISC",
"url": "http://hamid.ir/security/nodez.txt"
},
{
"name": "ADV-2006-0899",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0899"
},
{
"name": "1015747",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015747"
},
{
"name": "nodez-op-xss(25121)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25121"
},
{
"name": "23776",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23776"
}
]
}
}

168
2006/1xxx/CVE-2006-1500.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1500",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://osvdb.org/ref/24/24233-tilde.txt",
"refsource" : "MISC",
"url" : "http://osvdb.org/ref/24/24233-tilde.txt"
},
{
"name" : "17299",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17299"
},
{
"name" : "ADV-2006-1145",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1145"
},
{
"name" : "24233",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24233"
},
{
"name" : "19447",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19447"
},
{
"name" : "tildecms-index-sql-injection(25510)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25510"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19447",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19447"
},
{
"name": "tildecms-index-sql-injection(25510)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25510"
},
{
"name": "http://osvdb.org/ref/24/24233-tilde.txt",
"refsource": "MISC",
"url": "http://osvdb.org/ref/24/24233-tilde.txt"
},
{
"name": "24233",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24233"
},
{
"name": "ADV-2006-1145",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1145"
},
{
"name": "17299",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17299"
}
]
}
}

138
2006/1xxx/CVE-2006-1956.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1956",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060418 [KAPDA::#41] - Mambo/Joomla rss component vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431317/100/0/threaded"
},
{
"name" : "http://irannetjob.com/content/view/209/28/",
"refsource" : "MISC",
"url" : "http://irannetjob.com/content/view/209/28/"
},
{
"name" : "http://www.kapda.ir/advisory-313.html",
"refsource" : "MISC",
"url" : "http://www.kapda.ir/advisory-313.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kapda.ir/advisory-313.html",
"refsource": "MISC",
"url": "http://www.kapda.ir/advisory-313.html"
},
{
"name": "20060418 [KAPDA::#41] - Mambo/Joomla rss component vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431317/100/0/threaded"
},
{
"name": "http://irannetjob.com/content/view/209/28/",
"refsource": "MISC",
"url": "http://irannetjob.com/content/view/209/28/"
}
]
}
}

32
2006/3xxx/CVE-2006-3437.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3437",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-3437",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}

138
2006/3xxx/CVE-2006-3939.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3939",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform administrative activities without authentication in (1) filter.php, which permits changing the Extensions Mode file type; (2) access.php, which permits changing the Protection Method; (3) edituser.php, which permits adding upload capabilities to user accounts; (4) settings.php, which permits changing the admin information; and (5) index.php, which permits uploading of arbitrary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060726 EzUpload multi file vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441172/100/0/threaded"
},
{
"name" : "19175",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19175"
},
{
"name" : "1305",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1305"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform administrative activities without authentication in (1) filter.php, which permits changing the Extensions Mode file type; (2) access.php, which permits changing the Protection Method; (3) edituser.php, which permits adding upload capabilities to user accounts; (4) settings.php, which permits changing the admin information; and (5) index.php, which permits uploading of arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19175",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19175"
},
{
"name": "1305",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1305"
},
{
"name": "20060726 EzUpload multi file vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441172/100/0/threaded"
}
]
}
}

138
2006/4xxx/CVE-2006-4303.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4303",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service (\"tight loop\" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "102576",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102576-1"
},
{
"name" : "1016706",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016706"
},
{
"name" : "solaris-listener-dos(28420)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28420"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service (\"tight loop\" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "solaris-listener-dos(28420)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28420"
},
{
"name": "102576",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102576-1"
},
{
"name": "1016706",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016706"
}
]
}
}

178
2006/4xxx/CVE-2006-4390.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4390",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2006-09-29",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
},
{
"name" : "20271",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20271"
},
{
"name" : "ADV-2006-3852",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3852"
},
{
"name" : "29267",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29267"
},
{
"name" : "1016952",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016952"
},
{
"name" : "22187",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22187"
},
{
"name" : "macos-cfnetwork-ssl-spoofing(29277)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29277"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20271"
},
{
"name": "macos-cfnetwork-ssl-spoofing(29277)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29277"
},
{
"name": "1016952",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016952"
},
{
"name": "22187",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22187"
},
{
"name": "ADV-2006-3852",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3852"
},
{
"name": "APPLE-SA-2006-09-29",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
},
{
"name": "29267",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29267"
}
]
}
}

158
2006/4xxx/CVE-2006-4526.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4526",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.gulftech.org/?node=research&article_id=00111-08282006&",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00111-08282006&"
},
{
"name" : "http://cubecart.com/site/forums/index.php?showtopic=21540",
"refsource" : "CONFIRM",
"url" : "http://cubecart.com/site/forums/index.php?showtopic=21540"
},
{
"name" : "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697",
"refsource" : "CONFIRM",
"url" : "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697"
},
{
"name" : "19782",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19782"
},
{
"name" : "21659",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21659"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21659",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21659"
},
{
"name": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697",
"refsource": "CONFIRM",
"url": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697"
},
{
"name": "19782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19782"
},
{
"name": "http://cubecart.com/site/forums/index.php?showtopic=21540",
"refsource": "CONFIRM",
"url": "http://cubecart.com/site/forums/index.php?showtopic=21540"
},
{
"name": "http://www.gulftech.org/?node=research&article_id=00111-08282006&",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00111-08282006&"
}
]
}
}

178
2006/4xxx/CVE-2006-4660.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4660",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed module in AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) allow remote attackers to process arbitrary web script or HTML in the Feeds interface context via the (1) title and (2) description elements within an item element in an RSS feed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060907 CORE-2006-0322: Multiple vulnerabilities in ICQ Toolbar 1.3 for Internet Explorer",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445515/100/0/threaded"
},
{
"name" : "http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510"
},
{
"name" : "19900",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19900"
},
{
"name" : "ADV-2006-3528",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3528"
},
{
"name" : "21809",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21809"
},
{
"name" : "1523",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1523"
},
{
"name" : "icq-toolbar-rss-feed-xss(28809)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28809"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed module in AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) allow remote attackers to process arbitrary web script or HTML in the Feeds interface context via the (1) title and (2) description elements within an item element in an RSS feed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510",
"refsource": "MISC",
"url": "http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510"
},
{
"name": "ADV-2006-3528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3528"
},
{
"name": "icq-toolbar-rss-feed-xss(28809)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28809"
},
{
"name": "19900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19900"
},
{
"name": "20060907 CORE-2006-0322: Multiple vulnerabilities in ICQ Toolbar 1.3 for Internet Explorer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445515/100/0/threaded"
},
{
"name": "21809",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21809"
},
{
"name": "1523",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1523"
}
]
}
}

188
2006/4xxx/CVE-2006-4911.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4911",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a \"crafted sequence of fragmented IP packets\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060920 Cisco Security Advisory: Cisco Intrusion Prevention System Management Interface Denial of Service and Fragmented Packet Evasion Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060920-ips.shtml"
},
{
"name" : "VU#658884",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/658884"
},
{
"name" : "20127",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20127"
},
{
"name" : "ADV-2006-3721",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3721"
},
{
"name" : "29036",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29036"
},
{
"name" : "1016891",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016891"
},
{
"name" : "22022",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22022"
},
{
"name" : "cisco-ips-frag-bypass(29058)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29058"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a \"crafted sequence of fragmented IP packets\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20127"
},
{
"name": "29036",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29036"
},
{
"name": "20060920 Cisco Security Advisory: Cisco Intrusion Prevention System Management Interface Denial of Service and Fragmented Packet Evasion Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060920-ips.shtml"
},
{
"name": "cisco-ips-frag-bypass(29058)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29058"
},
{
"name": "1016891",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016891"
},
{
"name": "VU#658884",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/658884"
},
{
"name": "22022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22022"
},
{
"name": "ADV-2006-3721",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3721"
}
]
}
}

158
2010/2xxx/CVE-2010-2154.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2154",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Search Site in CMScout 2.09, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12806",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12806"
},
{
"name" : "65010",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/65010"
},
{
"name" : "39986",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39986"
},
{
"name" : "ADV-2010-1288",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1288"
},
{
"name" : "cmscout-search-xss(58996)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58996"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Search Site in CMScout 2.09, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "65010",
"refsource": "OSVDB",
"url": "http://osvdb.org/65010"
},
{
"name": "39986",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39986"
},
{
"name": "ADV-2010-1288",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1288"
},
{
"name": "12806",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12806"
},
{
"name": "cmscout-search-xss(58996)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58996"
}
]
}
}

188
2010/2xxx/CVE-2010-2647.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2647",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=43488",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=43488"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html"
},
{
"name" : "MDVSA-2011:039",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name" : "USN-1006-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name" : "oval:org.mitre.oval:def:11884",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11884"
},
{
"name" : "41856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41856"
},
{
"name" : "ADV-2010-2722",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name" : "ADV-2011-0552",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0552"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=43488",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=43488"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html"
},
{
"name": "ADV-2010-2722",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "USN-1006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "41856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "oval:org.mitre.oval:def:11884",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11884"
}
]
}
}

298
2010/3xxx/CVE-2010-3436.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3436",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://security-tracker.debian.org/tracker/CVE-2010-3436",
"refsource" : "CONFIRM",
"url" : "http://security-tracker.debian.org/tracker/CVE-2010-3436"
},
{
"name" : "http://svn.php.net/viewvc/php/php-src/trunk/main/fopen_wrappers.c?r1=303824&r2=303823&pathrev=303824",
"refsource" : "CONFIRM",
"url" : "http://svn.php.net/viewvc/php/php-src/trunk/main/fopen_wrappers.c?r1=303824&r2=303823&pathrev=303824"
},
{
"name" : "http://svn.php.net/viewvc?view=revision&revision=303824",
"refsource" : "CONFIRM",
"url" : "http://svn.php.net/viewvc?view=revision&revision=303824"
},
{
"name" : "http://www.php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php"
},
{
"name" : "http://www.php.net/archive/2010.php#id2010-12-10-1",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/archive/2010.php#id2010-12-10-1"
},
{
"name" : "http://www.php.net/releases/5_2_15.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/releases/5_2_15.php"
},
{
"name" : "http://www.php.net/releases/5_3_4.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/releases/5_3_4.php"
},
{
"name" : "http://support.apple.com/kb/HT4581",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4581"
},
{
"name" : "http://support.apple.com/kb/HT5002",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5002"
},
{
"name" : "APPLE-SA-2011-03-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name" : "APPLE-SA-2011-10-12-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name" : "MDVSA-2010:218",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:218"
},
{
"name" : "SSA:2010-357-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619"
},
{
"name" : "USN-1042-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1042-1"
},
{
"name" : "44723",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44723"
},
{
"name" : "42729",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42729"
},
{
"name" : "42812",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42812"
},
{
"name" : "ADV-2010-3313",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3313"
},
{
"name" : "ADV-2011-0077",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0077"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.php.net/viewvc?view=revision&revision=303824",
"refsource": "CONFIRM",
"url": "http://svn.php.net/viewvc?view=revision&revision=303824"
},
{
"name": "ADV-2011-0077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0077"
},
{
"name": "42812",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42812"
},
{
"name": "MDVSA-2010:218",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:218"
},
{
"name": "http://www.php.net/releases/5_3_4.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/releases/5_3_4.php"
},
{
"name": "http://svn.php.net/viewvc/php/php-src/trunk/main/fopen_wrappers.c?r1=303824&r2=303823&pathrev=303824",
"refsource": "CONFIRM",
"url": "http://svn.php.net/viewvc/php/php-src/trunk/main/fopen_wrappers.c?r1=303824&r2=303823&pathrev=303824"
},
{
"name": "APPLE-SA-2011-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name": "USN-1042-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1042-1"
},
{
"name": "44723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44723"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "SSA:2010-357-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619"
},
{
"name": "ADV-2010-3313",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3313"
},
{
"name": "http://www.php.net/archive/2010.php#id2010-12-10-1",
"refsource": "CONFIRM",
"url": "http://www.php.net/archive/2010.php#id2010-12-10-1"
},
{
"name": "http://www.php.net/releases/5_2_15.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/releases/5_2_15.php"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "42729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42729"
},
{
"name": "http://security-tracker.debian.org/tracker/CVE-2010-3436",
"refsource": "CONFIRM",
"url": "http://security-tracker.debian.org/tracker/CVE-2010-3436"
},
{
"name": "http://support.apple.com/kb/HT4581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4581"
}
]
}
}

148
2010/3xxx/CVE-2010-3701.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3701",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=634014",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=634014"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=640006",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=640006"
},
{
"name" : "RHSA-2010:0756",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0756.html"
},
{
"name" : "RHSA-2010:0757",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0757.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0756",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0756.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=634014",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=634014"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=640006",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=640006"
},
{
"name": "RHSA-2010:0757",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0757.html"
}
]
}
}

158
2010/3xxx/CVE-2010-3878.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3878",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=604617",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=604617"
},
{
"name" : "RHSA-2010:0937",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0937.html"
},
{
"name" : "RHSA-2010:0938",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0938.html"
},
{
"name" : "RHSA-2010:0939",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0939.html"
},
{
"name" : "1024813",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024813"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0938",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0938.html"
},
{
"name": "RHSA-2010:0937",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0937.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=604617",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=604617"
},
{
"name": "RHSA-2010:0939",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0939.html"
},
{
"name": "1024813",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024813"
}
]
}
}

178
2010/4xxx/CVE-2010-4974.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4974",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in info.php in BrotherScripts (BS) and ScriptsFeed Auto Dealer allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14239",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14239"
},
{
"name" : "http://packetstormsecurity.org/1007-exploits/bsautodealer-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1007-exploits/bsautodealer-sql.txt"
},
{
"name" : "41384",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41384"
},
{
"name" : "66013",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/66013"
},
{
"name" : "40391",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40391"
},
{
"name" : "8489",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8489"
},
{
"name" : "autodealer-info-sql-injection(60061)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60061"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in info.php in BrotherScripts (BS) and ScriptsFeed Auto Dealer allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40391"
},
{
"name": "14239",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14239"
},
{
"name": "66013",
"refsource": "OSVDB",
"url": "http://osvdb.org/66013"
},
{
"name": "autodealer-info-sql-injection(60061)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60061"
},
{
"name": "8489",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8489"
},
{
"name": "http://packetstormsecurity.org/1007-exploits/bsautodealer-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/bsautodealer-sql.txt"
},
{
"name": "41384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41384"
}
]
}
}

188
2011/1xxx/CVE-2011-1033.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1033",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110207 ZDI-11-050: IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516250/100/0/threaded"
},
{
"name" : "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm",
"refsource" : "MISC",
"url" : "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm"
},
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-11-050/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-11-050/"
},
{
"name" : "46230",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46230"
},
{
"name" : "43212",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43212"
},
{
"name" : "8078",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8078"
},
{
"name" : "ADV-2011-0309",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0309"
},
{
"name" : "ibm-informix-dynamic-oninit-bo(65209)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65209"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0309",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0309"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-050/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-050/"
},
{
"name": "46230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46230"
},
{
"name": "8078",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8078"
},
{
"name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm"
},
{
"name": "43212",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43212"
},
{
"name": "ibm-informix-dynamic-oninit-bo(65209)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65209"
},
{
"name": "20110207 ZDI-11-050: IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516250/100/0/threaded"
}
]
}
}

348
2011/1xxx/CVE-2011-1184.json
View File

@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1184",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://svn.apache.org/viewvc?view=rev&rev=1087655",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=rev&rev=1087655"
},
{
"name" : "http://svn.apache.org/viewvc?view=rev&rev=1158180",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=rev&rev=1158180"
},
{
"name" : "http://svn.apache.org/viewvc?view=rev&rev=1159309",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=rev&rev=1159309"
},
{
"name" : "http://tomcat.apache.org/security-5.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-5.html"
},
{
"name" : "http://tomcat.apache.org/security-6.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-6.html"
},
{
"name" : "http://tomcat.apache.org/security-7.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-7.html"
},
{
"name" : "DSA-2401",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2401"
},
{
"name" : "HPSBUX02860",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2"
},
{
"name" : "SSRT101146",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2"
},
{
"name" : "HPSBST02955",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
},
{
"name" : "HPSBOV02762",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133469267822771&w=2"
},
{
"name" : "SSRT100825",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133469267822771&w=2"
},
{
"name" : "MDVSA-2011:156",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:156"
},
{
"name" : "RHSA-2011:1845",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1845.html"
},
{
"name" : "RHSA-2012:0074",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0074.html"
},
{
"name" : "RHSA-2012:0075",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0075.html"
},
{
"name" : "RHSA-2012:0076",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0076.html"
},
{
"name" : "RHSA-2012:0077",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0077.html"
},
{
"name" : "RHSA-2012:0078",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0078.html"
},
{
"name" : "RHSA-2012:0325",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0325.html"
},
{
"name" : "SUSE-SU-2012:0155",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html"
},
{
"name" : "openSUSE-SU-2012:0208",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html"
},
{
"name" : "oval:org.mitre.oval:def:19169",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19169"
},
{
"name" : "57126",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57126"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:156",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:156"
},
{
"name": "DSA-2401",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2401"
},
{
"name": "SUSE-SU-2012:0155",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html"
},
{
"name": "RHSA-2012:0325",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0325.html"
},
{
"name": "HPSBUX02860",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"
},
{
"name": "http://svn.apache.org/viewvc?view=rev&rev=1159309",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=rev&rev=1159309"
},
{
"name": "RHSA-2012:0078",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0078.html"
},
{
"name": "RHSA-2011:1845",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1845.html"
},
{
"name": "http://svn.apache.org/viewvc?view=rev&rev=1158180",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=rev&rev=1158180"
},
{
"name": "RHSA-2012:0075",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html"
},
{
"name": "RHSA-2012:0074",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html"
},
{
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "HPSBOV02762",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2"
},
{
"name": "http://svn.apache.org/viewvc?view=rev&rev=1087655",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=rev&rev=1087655"
},
{
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "57126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57126"
},
{
"name": "SSRT100825",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2"
},
{
"name": "http://tomcat.apache.org/security-5.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"name": "openSUSE-SU-2012:0208",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html"
},
{
"name": "SSRT101146",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"
},
{
"name": "RHSA-2012:0076",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html"
},
{
"name": "HPSBST02955",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
},
{
"name": "oval:org.mitre.oval:def:19169",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19169"
},
{
"name": "RHSA-2012:0077",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0077.html"
}
]
}
}

168
2011/1xxx/CVE-2011-1828.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1828",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "usb-creator-helper in usb-creator before 0.2.28.3 does not enforce intended PolicyKit restrictions, which allows local users to perform arbitrary unmount operations via the UnmountFile method in a dbus-send command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-1828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://launchpad.net/bugs/771553",
"refsource" : "CONFIRM",
"url" : "https://launchpad.net/bugs/771553"
},
{
"name" : "USN-1127-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-1127-1/"
},
{
"name" : "47679",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47679"
},
{
"name" : "44413",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44413"
},
{
"name" : "ADV-2011-1143",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1143"
},
{
"name" : "usbcreator-unspecified-sec-bypass(67241)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67241"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "usb-creator-helper in usb-creator before 0.2.28.3 does not enforce intended PolicyKit restrictions, which allows local users to perform arbitrary unmount operations via the UnmountFile method in a dbus-send command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1127-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-1127-1/"
},
{
"name": "47679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47679"
},
{
"name": "ADV-2011-1143",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1143"
},
{
"name": "https://launchpad.net/bugs/771553",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/771553"
},
{
"name": "usbcreator-unspecified-sec-bypass(67241)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67241"
},
{
"name": "44413",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44413"
}
]
}
}

138
2011/1xxx/CVE-2011-1840.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1840",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MartiniCreations PassmanLite Password Manager application before 1.48 for Android stores the master password and unspecified other account information in cleartext, which allows local users to obtain sensitive information by leveraging shell access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.simonroses.com/wp-content/uploads/2011/05/SRF-SA-2011-01.txt",
"refsource" : "MISC",
"url" : "http://www.simonroses.com/wp-content/uploads/2011/05/SRF-SA-2011-01.txt"
},
{
"name" : "47765",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47765"
},
{
"name" : "8250",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8250"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MartiniCreations PassmanLite Password Manager application before 1.48 for Android stores the master password and unspecified other account information in cleartext, which allows local users to obtain sensitive information by leveraging shell access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8250",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8250"
},
{
"name": "47765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47765"
},
{
"name": "http://www.simonroses.com/wp-content/uploads/2011/05/SRF-SA-2011-01.txt",
"refsource": "MISC",
"url": "http://www.simonroses.com/wp-content/uploads/2011/05/SRF-SA-2011-01.txt"
}
]
}
}

188
2011/1xxx/CVE-2011-1924.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1924",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the policy_summarize function in or/policies.c in Tor before 0.2.1.30 allows remote attackers to cause a denial of service (directory authority crash) via a crafted policy that triggers creation of a long port list."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[tor-announce] 20110228 Tor 0.2.1.30 is released",
"refsource" : "MLIST",
"url" : "https://lists.torproject.org/pipermail/tor-announce/2011-February/000000.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=705192",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=705192"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=705194",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=705194"
},
{
"name" : "https://gitweb.torproject.org/tor.git/commit/43414eb98821d3b5c6c65181d7545ce938f82c8e",
"refsource" : "CONFIRM",
"url" : "https://gitweb.torproject.org/tor.git/commit/43414eb98821d3b5c6c65181d7545ce938f82c8e"
},
{
"name" : "FEDORA-2011-7972",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061258.html"
},
{
"name" : "46618",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46618"
},
{
"name" : "43548",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43548"
},
{
"name" : "44862",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44862"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the policy_summarize function in or/policies.c in Tor before 0.2.1.30 allows remote attackers to cause a denial of service (directory authority crash) via a crafted policy that triggers creation of a long port list."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43548"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=705194",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=705194"
},
{
"name": "44862",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44862"
},
{
"name": "46618",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46618"
},
{
"name": "https://gitweb.torproject.org/tor.git/commit/43414eb98821d3b5c6c65181d7545ce938f82c8e",
"refsource": "CONFIRM",
"url": "https://gitweb.torproject.org/tor.git/commit/43414eb98821d3b5c6c65181d7545ce938f82c8e"
},
{
"name": "FEDORA-2011-7972",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061258.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=705192",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=705192"
},
{
"name": "[tor-announce] 20110228 Tor 0.2.1.30 is released",
"refsource": "MLIST",
"url": "https://lists.torproject.org/pipermail/tor-announce/2011-February/000000.html"
}
]
}
}

128
2011/5xxx/CVE-2011-5025.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5025",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://sitewat.ch/Advisory/View/4",
"refsource" : "MISC",
"url" : "https://sitewat.ch/Advisory/View/4"
},
{
"name" : "51276",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51276"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51276"
},
{
"name": "https://sitewat.ch/Advisory/View/4",
"refsource": "MISC",
"url": "https://sitewat.ch/Advisory/View/4"
}
]
}
}

138
2011/5xxx/CVE-2011-5179.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5179",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20111127 Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/520662/100/0/threaded"
},
{
"name" : "50824",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50824"
},
{
"name" : "skysaappbar-skysa-xss(71486)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71486"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50824",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50824"
},
{
"name": "skysaappbar-skysa-xss(71486)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71486"
},
{
"name": "20111127 Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520662/100/0/threaded"
}
]
}
}

32
2014/3xxx/CVE-2014-3213.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3213",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3213",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2014/3xxx/CVE-2014-3369.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3369",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SIP IX implementation in Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allows remote attackers to cause a denial of service (device reload) via crafted SDP packets, aka Bug ID CSCuo42252."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35828",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35828"
},
{
"name" : "20141015 Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs"
},
{
"name" : "1031055",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031055"
},
{
"name" : "60850",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60850"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP IX implementation in Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allows remote attackers to cause a denial of service (device reload) via crafted SDP packets, aka Bug ID CSCuo42252."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60850",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60850"
},
{
"name": "1031055",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031055"
},
{
"name": "20141015 Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35828",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35828"
}
]
}
}

268
2014/3xxx/CVE-2014-3515.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3515",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to \"type confusion\" issues in (1) ArrayObject and (2) SPLObjectStorage."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.php.net/?p=php-src.git;a=commit;h=88223c5245e9b470e1e6362bfd96829562ffe6ab",
"refsource" : "CONFIRM",
"url" : "http://git.php.net/?p=php-src.git;a=commit;h=88223c5245e9b470e1e6362bfd96829562ffe6ab"
},
{
"name" : "http://www.php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php"
},
{
"name" : "https://bugs.php.net/bug.php?id=67492",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=67492"
},
{
"name" : "http://support.apple.com/kb/HT6443",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6443"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683486",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683486"
},
{
"name" : "DSA-2974",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2974"
},
{
"name" : "HPSBUX03102",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2"
},
{
"name" : "SSRT101681",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2"
},
{
"name" : "RHSA-2014:1765",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name" : "RHSA-2014:1766",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name" : "openSUSE-SU-2014:1236",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"
},
{
"name" : "68237",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68237"
},
{
"name" : "59794",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59794"
},
{
"name" : "59831",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59831"
},
{
"name" : "60998",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60998"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to \"type confusion\" issues in (1) ArrayObject and (2) SPLObjectStorage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=88223c5245e9b470e1e6362bfd96829562ffe6ab",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=88223c5245e9b470e1e6362bfd96829562ffe6ab"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683486",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683486"
},
{
"name": "RHSA-2014:1766",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "https://bugs.php.net/bug.php?id=67492",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=67492"
},
{
"name": "HPSBUX03102",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2"
},
{
"name": "DSA-2974",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2974"
},
{
"name": "59794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59794"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "60998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60998"
},
{
"name": "http://support.apple.com/kb/HT6443",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6443"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "RHSA-2014:1765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "SSRT101681",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2"
},
{
"name": "68237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68237"
},
{
"name": "59831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59831"
},
{
"name": "openSUSE-SU-2014:1236",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"
}
]
}
}

148
2014/3xxx/CVE-2014-3756.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3756",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140514 Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/15/4"
},
{
"name" : "[oss-security] 20140515 Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/15/1"
},
{
"name" : "http://mumble.info/security/Mumble-SA-2014-006.txt",
"refsource" : "CONFIRM",
"url" : "http://mumble.info/security/Mumble-SA-2014-006.txt"
},
{
"name" : "67401",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67401"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mumble.info/security/Mumble-SA-2014-006.txt",
"refsource": "CONFIRM",
"url": "http://mumble.info/security/Mumble-SA-2014-006.txt"
},
{
"name": "67401",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67401"
},
{
"name": "[oss-security] 20140514 Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/4"
},
{
"name": "[oss-security] 20140515 Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/1"
}
]
}
}

32
2014/3xxx/CVE-2014-3964.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3964",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3964",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

138
2014/7xxx/CVE-2014-7424.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7424",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Quran Abu Bakr AshShatiri Free (aka com.wQuranAbuBakrFREE) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#483761",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/483761"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Quran Abu Bakr AshShatiri Free (aka com.wQuranAbuBakrFREE) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#483761",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/483761"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

148
2014/7xxx/CVE-2014-7968.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7968",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141008 CVE request for VDSM denial of service",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/10/08/6"
},
{
"name" : "[oss-security] 20141008 Re: CVE request for VDSM denial of service",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/10/08/18"
},
{
"name" : "[oss-security] 20141008 Re: CVE request for VDSM denial of service",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/10/08/16"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1150812",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1150812"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20141008 Re: CVE request for VDSM denial of service",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/08/16"
},
{
"name": "[oss-security] 20141008 Re: CVE request for VDSM denial of service",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/08/18"
},
{
"name": "[oss-security] 20141008 CVE request for VDSM denial of service",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/08/6"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1150812",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1150812"
}
]
}
}

158
2014/7xxx/CVE-2014-7980.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7980",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the \"administer themes\" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified other theme settings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/2254925",
"refsource" : "MISC",
"url" : "http://drupal.org/node/2254925"
},
{
"name" : "https://www.drupal.org/node/2254835",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2254835"
},
{
"name" : "https://www.drupal.org/node/2254837",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2254837"
},
{
"name" : "67175",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67175"
},
{
"name" : "58318",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58318"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the \"administer themes\" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified other theme settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2254837",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2254837"
},
{
"name": "67175",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67175"
},
{
"name": "58318",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58318"
},
{
"name": "http://drupal.org/node/2254925",
"refsource": "MISC",
"url": "http://drupal.org/node/2254925"
},
{
"name": "https://www.drupal.org/node/2254835",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2254835"
}
]
}
}

168
2014/8xxx/CVE-2014-8084.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8084",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141231 [KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534360/100/0/threaded"
},
{
"name" : "20141231 [KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/133"
},
{
"name" : "http://karmainsecurity.com/KIS-2014-15",
"refsource" : "MISC",
"url" : "http://karmainsecurity.com/KIS-2014-15"
},
{
"name" : "http://packetstormsecurity.com/files/129776/Osclass-3.4.2-Local-File-Inclusion.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129776/Osclass-3.4.2-Local-File-Inclusion.html"
},
{
"name" : "http://blog.osclass.org/2014/10/09/osclass-3-4-3-ready-download/",
"refsource" : "CONFIRM",
"url" : "http://blog.osclass.org/2014/10/09/osclass-3-4-3-ready-download/"
},
{
"name" : "71841",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71841"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141231 [KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534360/100/0/threaded"
},
{
"name": "71841",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71841"
},
{
"name": "http://karmainsecurity.com/KIS-2014-15",
"refsource": "MISC",
"url": "http://karmainsecurity.com/KIS-2014-15"
},
{
"name": "http://blog.osclass.org/2014/10/09/osclass-3-4-3-ready-download/",
"refsource": "CONFIRM",
"url": "http://blog.osclass.org/2014/10/09/osclass-3-4-3-ready-download/"
},
{
"name": "http://packetstormsecurity.com/files/129776/Osclass-3.4.2-Local-File-Inclusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129776/Osclass-3.4.2-Local-File-Inclusion.html"
},
{
"name": "20141231 [KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/133"
}
]
}
}

32
2014/8xxx/CVE-2014-8232.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8232",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8232",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

32
2014/8xxx/CVE-2014-8332.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8332",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8332",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2014/8xxx/CVE-2014-8780.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8780",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141217 Jease CMS v2.11 - Persistent UI Web Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534272/100/0/threaded"
},
{
"name" : "https://www.vulnerability-lab.com/get_content.php?id=1373",
"refsource" : "MISC",
"url" : "https://www.vulnerability-lab.com/get_content.php?id=1373"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141217 Jease CMS v2.11 - Persistent UI Web Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534272/100/0/threaded"
},
{
"name": "https://www.vulnerability-lab.com/get_content.php?id=1373",
"refsource": "MISC",
"url": "https://www.vulnerability-lab.com/get_content.php?id=1373"
}
]
}
}

188
2014/9xxx/CVE-2014-9622.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9622",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-9622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141114 xdg-open RCE",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Nov/36"
},
{
"name" : "[oss-security] 20150117 Re: CVE Request: xdg-utils: xdg-open: command injection vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/01/17/10"
},
{
"name" : "https://bugs.freedesktop.org/show_bug.cgi?id=66670",
"refsource" : "CONFIRM",
"url" : "https://bugs.freedesktop.org/show_bug.cgi?id=66670"
},
{
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=472888",
"refsource" : "CONFIRM",
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=472888"
},
{
"name" : "DSA-3131",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3131"
},
{
"name" : "GLSA-201701-09",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-09"
},
{
"name" : "71284",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71284"
},
{
"name" : "62155",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62155"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=66670",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=66670"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=472888",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=472888"
},
{
"name": "20141114 xdg-open RCE",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/36"
},
{
"name": "[oss-security] 20150117 Re: CVE Request: xdg-utils: xdg-open: command injection vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/17/10"
},
{
"name": "62155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62155"
},
{
"name": "71284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71284"
},
{
"name": "DSA-3131",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3131"
},
{
"name": "GLSA-201701-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-09"
}
]
}
}

208
2014/9xxx/CVE-2014-9844.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9844",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=36ed9419a68cb1356b1843b48cc12788179cdaee",
"refsource" : "CONFIRM",
"url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=36ed9419a68cb1356b1843b48cc12788179cdaee"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343502",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343502"
},
{
"name" : "SUSE-SU-2016:1782",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html"
},
{
"name" : "SUSE-SU-2016:1783",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html"
},
{
"name" : "SUSE-SU-2016:1784",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"name" : "openSUSE-SU-2016:1724",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html"
},
{
"name" : "openSUSE-SU-2016:1748",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name" : "openSUSE-SU-2016:1833",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"name" : "USN-3131-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3131-1"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343502",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343502"
},
{
"name": "openSUSE-SU-2016:1833",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"name": "openSUSE-SU-2016:1724",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html"
},
{
"name": "SUSE-SU-2016:1782",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "openSUSE-SU-2016:1748",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name": "SUSE-SU-2016:1784",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"name": "SUSE-SU-2016:1783",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html"
},
{
"name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=36ed9419a68cb1356b1843b48cc12788179cdaee",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=36ed9419a68cb1356b1843b48cc12788179cdaee"
},
{
"name": "USN-3131-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3131-1"
}
]
}
}

32
2016/2xxx/CVE-2016-2080.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2080",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2080",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

128
2016/2xxx/CVE-2016-2084.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2084",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, and 11.6.0 before build 6.204.442; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 build 685-HF10; BIG-IQ Cloud, Device, and Security 4.2.0 through 4.5.0; and BIG-IQ ADC 4.5.0 do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS), Azure or Verizon cloud services environments, which allows attackers to obtain sensitive information or cause a denial of service (disruption) by leveraging a target instance configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/kb/en-us/solutions/public/k/11/sol11772107.html",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/kb/en-us/solutions/public/k/11/sol11772107.html"
},
{
"name" : "1035520",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035520"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, and 11.6.0 before build 6.204.442; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 build 685-HF10; BIG-IQ Cloud, Device, and Security 4.2.0 through 4.5.0; and BIG-IQ ADC 4.5.0 do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS), Azure or Verizon cloud services environments, which allows attackers to obtain sensitive information or cause a denial of service (disruption) by leveraging a target instance configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035520",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035520"
},
{
"name": "https://support.f5.com/kb/en-us/solutions/public/k/11/sol11772107.html",
"refsource": "CONFIRM",
"url": "https://support.f5.com/kb/en-us/solutions/public/k/11/sol11772107.html"
}
]
}
}

128
2016/2xxx/CVE-2016-2486.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2486",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate the relationship between allocated memory and the frame size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793371."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-2486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-06-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-06-01.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/ad40e57890f81a3cf436c5f06da66396010bd9e5",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/ad40e57890f81a3cf436c5f06da66396010bd9e5"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate the relationship between allocated memory and the frame size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793371."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/ad40e57890f81a3cf436c5f06da66396010bd9e5",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/ad40e57890f81a3cf436c5f06da66396010bd9e5"
},
{
"name": "http://source.android.com/security/bulletin/2016-06-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-06-01.html"
}
]
}
}

32
2016/2xxx/CVE-2016-2743.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2743",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2743",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

218
2016/2xxx/CVE-2016-2830.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2830",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-2830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-63.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-63.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1255270",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1255270"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name" : "DSA-3640",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3640"
},
{
"name" : "GLSA-201701-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-15"
},
{
"name" : "RHSA-2016:1551",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1551.html"
},
{
"name" : "openSUSE-SU-2016:1964",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"
},
{
"name" : "openSUSE-SU-2016:2026",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"
},
{
"name" : "USN-3044-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3044-1"
},
{
"name" : "92261",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92261"
},
{
"name" : "1036508",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036508"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3640",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3640"
},
{
"name": "1036508",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036508"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "USN-3044-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3044-1"
},
{
"name": "RHSA-2016:1551",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1551.html"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1255270",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1255270"
},
{
"name": "openSUSE-SU-2016:1964",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"
},
{
"name": "92261",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92261"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-63.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-63.html"
},
{
"name": "openSUSE-SU-2016:2026",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"
}
]
}
}

170
2016/2xxx/CVE-2016-2880.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-2880",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "QRadar SIEM",
"version" : {
"version_data" : [
{
"version_value" : "7.1 MR1"
},
{
"version_value" : "7.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.2"
},
{
"version_value" : "7.1 MR2"
},
{
"version_value" : "7"
},
{
"version_value" : "7.1 MR2"
},
{
"version_value" : "7.2.3"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QRadar SIEM",
"version": {
"version_data": [
{
"version_value": "7.1 MR1"
},
{
"version_value": "7.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.2"
},
{
"version_value": "7.1 MR2"
},
{
"version_value": "7"
},
{
"version_value": "7.1 MR2"
},
{
"version_value": "7.2.3"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21997340",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21997340"
},
{
"name" : "96614",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96614"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96614"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21997340",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997340"
}
]
}
}

168
2016/6xxx/CVE-2016-6130.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6130",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a \"double fetch\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160630 [CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/538803/30/0/threaded"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=532c34b5fbf1687df63b3fcd5b2846312ac943c6",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=532c34b5fbf1687df63b3fcd5b2846312ac943c6"
},
{
"name" : "https://bugzilla.kernel.org/show_bug.cgi?id=116741",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.kernel.org/show_bug.cgi?id=116741"
},
{
"name" : "https://github.com/torvalds/linux/commit/532c34b5fbf1687df63b3fcd5b2846312ac943c6",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/532c34b5fbf1687df63b3fcd5b2846312ac943c6"
},
{
"name" : "DSA-3616",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3616"
},
{
"name" : "91540",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91540"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a \"double fetch\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/532c34b5fbf1687df63b3fcd5b2846312ac943c6",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/532c34b5fbf1687df63b3fcd5b2846312ac943c6"
},
{
"name": "DSA-3616",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3616"
},
{
"name": "91540",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91540"
},
{
"name": "20160630 [CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538803/30/0/threaded"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=532c34b5fbf1687df63b3fcd5b2846312ac943c6",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=532c34b5fbf1687df63b3fcd5b2846312ac943c6"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=116741",
"refsource": "CONFIRM",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=116741"
}
]
}
}

140
2016/6xxx/CVE-2016-6702.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-6702",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-4.4.4"
},
{
"version_value" : "Android-5.0.2"
},
{
"version_value" : "Android-5.1.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-4.4.4"
},
{
"version_value": "Android-5.0.2"
},
{
"version_value": "Android-5.1.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name" : "94160",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94160"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name": "94160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94160"
}
]
}
}

32
2016/7xxx/CVE-2016-7760.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7760",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7760",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

32
2016/7xxx/CVE-2016-7956.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7956",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7956",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

272
2017/5xxx/CVE-2017-5435.json
View File

@ -1,139 +1,139 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5435",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.1"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "45.9"
},
{
"version_affected" : "<",
"version_value" : "52.1"
}
]
}
},
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "53"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use-after-free during transaction processing in the editor"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52.1"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "45.9"
},
{
"version_affected": "<",
"version_value": "52.1"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "53"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1350683",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1350683"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-11/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-11/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-12/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-12/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-13/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-13/"
},
{
"name" : "DSA-3831",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3831"
},
{
"name" : "RHSA-2017:1104",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1104"
},
{
"name" : "RHSA-2017:1106",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1106"
},
{
"name" : "RHSA-2017:1201",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1201"
},
{
"name" : "97940",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97940"
},
{
"name" : "1038320",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038320"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free during transaction processing in the editor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1106",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1106"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-12/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-12/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-11/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-11/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-10/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-10/"
},
{
"name": "97940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97940"
},
{
"name": "DSA-3831",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3831"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-13/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-13/"
},
{
"name": "1038320",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038320"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1350683",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1350683"
},
{
"name": "RHSA-2017:1104",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1104"
},
{
"name": "RHSA-2017:1201",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
]
}
}

168
2017/5xxx/CVE-2017-5525.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5525",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-5525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170118 CVE request Qemu: audio: memory leakage in ac97 device",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/17/19"
},
{
"name" : "[oss-security] 20170118 Re: CVE request Qemu: audio: memory leakage in ac97 device",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/18/7"
},
{
"name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name" : "http://git.qemu-project.org/?p=qemu.git;a=commit;h=12351a91da97b414eec8cdb09f1d9f41e535a401",
"refsource" : "CONFIRM",
"url" : "http://git.qemu-project.org/?p=qemu.git;a=commit;h=12351a91da97b414eec8cdb09f1d9f41e535a401"
},
{
"name" : "GLSA-201702-28",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-28"
},
{
"name" : "95671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95671"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170118 Re: CVE request Qemu: audio: memory leakage in ac97 device",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/18/7"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201702-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "95671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95671"
},
{
"name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=12351a91da97b414eec8cdb09f1d9f41e535a401",
"refsource": "CONFIRM",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=12351a91da97b414eec8cdb09f1d9f41e535a401"
},
{
"name": "[oss-security] 20170118 CVE request Qemu: audio: memory leakage in ac97 device",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/17/19"
}
]
}
}

168
2017/5xxx/CVE-2017-5580.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5580",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process crash) via a crafted texture instruction."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-5580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170124 CVE request Virglrenderer: OOB access while parsing texture instruction",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/24/5"
},
{
"name" : "[oss-security] 20170125 Re: CVE request Virglrenderer: OOB access while parsing texture instruction",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/25/5"
},
{
"name" : "[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0",
"refsource" : "MLIST",
"url" : "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html"
},
{
"name" : "https://cgit.freedesktop.org/virglrenderer/commit/src/gallium/auxiliary/tgsi/tgsi_text.c?id=28894a30a17a84529be102b21118e55d6c9f23fa",
"refsource" : "CONFIRM",
"url" : "https://cgit.freedesktop.org/virglrenderer/commit/src/gallium/auxiliary/tgsi/tgsi_text.c?id=28894a30a17a84529be102b21118e55d6c9f23fa"
},
{
"name" : "GLSA-201707-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201707-06"
},
{
"name" : "95782",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95782"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process crash) via a crafted texture instruction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201707-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-06"
},
{
"name": "[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0",
"refsource": "MLIST",
"url": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html"
},
{
"name": "https://cgit.freedesktop.org/virglrenderer/commit/src/gallium/auxiliary/tgsi/tgsi_text.c?id=28894a30a17a84529be102b21118e55d6c9f23fa",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/virglrenderer/commit/src/gallium/auxiliary/tgsi/tgsi_text.c?id=28894a30a17a84529be102b21118e55d6c9f23fa"
},
{
"name": "95782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95782"
},
{
"name": "[oss-security] 20170124 CVE request Virglrenderer: OOB access while parsing texture instruction",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/24/5"
},
{
"name": "[oss-security] 20170125 Re: CVE request Virglrenderer: OOB access while parsing texture instruction",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/25/5"
}
]
}
}