admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:51:27 +00:00
parent 3c4e608ba4
commit dcc31bd81d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 3880 additions and 3880 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
2006/0xxx/CVE-2006-0183.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0183",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from the poor authentication as identified by CVE-2006-0182. Since the design of the product allows the administrator to edit the code, perhaps this issue should not be included in CVE, except as a consequence of CVE-2006-0182."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060112 [eVuln] ACal Authentication Bypass & PHP Code Insertion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/421744/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/25/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/25/summary.html"
},
{
"name" : "ADV-2006-0152",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0152"
},
{
"name" : "22345",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22345"
},
{
"name" : "18432",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18432"
},
{
"name" : "343",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/343"
},
{
"name" : "acal-header-footer-code-execute(24107)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24107"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from the poor authentication as identified by CVE-2006-0182. Since the design of the product allows the administrator to edit the code, perhaps this issue should not be included in CVE, except as a consequence of CVE-2006-0182."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22345",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22345"
},
{
"name": "343",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/343"
},
{
"name": "http://evuln.com/vulns/25/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/25/summary.html"
},
{
"name": "ADV-2006-0152",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0152"
},
{
"name": "18432",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18432"
},
{
"name": "20060112 [eVuln] ACal Authentication Bypass & PHP Code Insertion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421744/100/0/threaded"
},
{
"name": "acal-header-footer-code-execute(24107)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24107"
}
]
}
}

170
2006/0xxx/CVE-2006-0344.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0344",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Intervations FileCOPA FTP Server 1.01 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the (1) STOR and (2) RETR commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.nii.co.in/vuln/filecopa.html",
"refsource" : "MISC",
"url" : "http://www.nii.co.in/vuln/filecopa.html"
},
{
"name" : "16335",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16335"
},
{
"name" : "ADV-2006-0285",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0285"
},
{
"name" : "22694",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22694"
},
{
"name" : "18550",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18550"
},
{
"name" : "filecopa-ftp-directory-traversal(24257)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24257"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Intervations FileCOPA FTP Server 1.01 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the (1) STOR and (2) RETR commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18550",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18550"
},
{
"name": "filecopa-ftp-directory-traversal(24257)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24257"
},
{
"name": "http://www.nii.co.in/vuln/filecopa.html",
"refsource": "MISC",
"url": "http://www.nii.co.in/vuln/filecopa.html"
},
{
"name": "22694",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22694"
},
{
"name": "ADV-2006-0285",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0285"
},
{
"name": "16335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16335"
}
]
}
}

230
2006/0xxx/CVE-2006-0663.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0663",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using \"java
script:\"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2005-38/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2005-38/advisory/"
},
{
"name" : "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919"
},
{
"name" : "16577",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16577"
},
{
"name" : "ADV-2006-0499",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0499"
},
{
"name" : "23077",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23077"
},
{
"name" : "23078",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23078"
},
{
"name" : "23079",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23079"
},
{
"name" : "1015610",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015610"
},
{
"name" : "16340",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16340"
},
{
"name" : "domino-webaccess-attachment-xss(24611)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24611"
},
{
"name" : "domino-webaccess-filename-xss(24614)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24614"
},
{
"name" : "domino-webaccess-javascript-xss(24613)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24613"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using \"java
script:\"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/secunia_research/2005-38/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-38/advisory/"
},
{
"name": "ADV-2006-0499",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0499"
},
{
"name": "domino-webaccess-filename-xss(24614)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24614"
},
{
"name": "domino-webaccess-attachment-xss(24611)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24611"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919"
},
{
"name": "23079",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23079"
},
{
"name": "23077",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23077"
},
{
"name": "16577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16577"
},
{
"name": "23078",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23078"
},
{
"name": "domino-webaccess-javascript-xss(24613)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24613"
},
{
"name": "16340",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16340"
},
{
"name": "1015610",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015610"
}
]
}
}

210
2006/3xxx/CVE-2006-3377.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the (1) Keyword parameter in search.php and the (2) Username parameter in main.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060702 [MajorSecurity #19] AutoRank <= 5.01 - Multiple XSS and cookie disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438941/100/0/threaded"
},
{
"name" : "http://www.majorsecurity.de/advisory/major_rls19.txt",
"refsource" : "MISC",
"url" : "http://www.majorsecurity.de/advisory/major_rls19.txt"
},
{
"name" : "18796",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18796"
},
{
"name" : "ADV-2006-2658",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2658"
},
{
"name" : "ADV-2006-2659",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2659"
},
{
"name" : "1016428",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016428"
},
{
"name" : "1016429",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016429"
},
{
"name" : "20903",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20903"
},
{
"name" : "20929",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20929"
},
{
"name" : "autorankpro-adminmain-xss(27552)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27552"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the (1) Keyword parameter in search.php and the (2) Username parameter in main.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2658",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2658"
},
{
"name": "20060702 [MajorSecurity #19] AutoRank <= 5.01 - Multiple XSS and cookie disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438941/100/0/threaded"
},
{
"name": "1016428",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016428"
},
{
"name": "20929",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20929"
},
{
"name": "http://www.majorsecurity.de/advisory/major_rls19.txt",
"refsource": "MISC",
"url": "http://www.majorsecurity.de/advisory/major_rls19.txt"
},
{
"name": "20903",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20903"
},
{
"name": "ADV-2006-2659",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2659"
},
{
"name": "1016429",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016429"
},
{
"name": "18796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18796"
},
{
"name": "autorankpro-adminmain-xss(27552)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27552"
}
]
}
}

140
2006/3xxx/CVE-2006-3416.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3416",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded. NOTE: while this item is listed under the \"Security fixes\" section of the developer changelog, the developer clarified on 20060707 that this is only a self-DoS. Therefore this issue should not be included in CVE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tor.eff.org/cvs/tor/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://tor.eff.org/cvs/tor/ChangeLog"
},
{
"name" : "GLSA-200606-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200606-04.xml"
},
{
"name" : "20514",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20514"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded. NOTE: while this item is listed under the \"Security fixes\" section of the developer changelog, the developer clarified on 20060707 that this is only a self-DoS. Therefore this issue should not be included in CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20514",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20514"
},
{
"name": "GLSA-200606-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200606-04.xml"
},
{
"name": "http://tor.eff.org/cvs/tor/ChangeLog",
"refsource": "CONFIRM",
"url": "http://tor.eff.org/cvs/tor/ChangeLog"
}
]
}
}

190
2006/3xxx/CVE-2006-3892.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3892",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2006-3892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ftp://ftp.legato.com/pub/NetWorker/Updates/732JumboUpdate1/README%20732%20Jumbo%20Update%201.txt",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.legato.com/pub/NetWorker/Updates/732JumboUpdate1/README%20732%20Jumbo%20Update%201.txt"
},
{
"name" : "http://www.kb.cert.org/vuls/id/MIMG-6VMLWA",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/MIMG-6VMLWA"
},
{
"name" : "VU#498553",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/498553"
},
{
"name" : "22789",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22789"
},
{
"name" : "ADV-2007-0816",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0816"
},
{
"name" : "33853",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33853"
},
{
"name" : "1017724",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017724"
},
{
"name" : "24362",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24362"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24362"
},
{
"name": "33853",
"refsource": "OSVDB",
"url": "http://osvdb.org/33853"
},
{
"name": "http://www.kb.cert.org/vuls/id/MIMG-6VMLWA",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MIMG-6VMLWA"
},
{
"name": "ftp://ftp.legato.com/pub/NetWorker/Updates/732JumboUpdate1/README%20732%20Jumbo%20Update%201.txt",
"refsource": "CONFIRM",
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/732JumboUpdate1/README%20732%20Jumbo%20Update%201.txt"
},
{
"name": "22789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22789"
},
{
"name": "1017724",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017724"
},
{
"name": "ADV-2007-0816",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0816"
},
{
"name": "VU#498553",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/498553"
}
]
}
}

34
2006/4xxx/CVE-2006-4027.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4027",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4027",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2006/4xxx/CVE-2006-4401.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4401",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.info.apple.com/article.html?artnum=304829",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name" : "APPLE-SA-2006-11-28",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name" : "TA06-333A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name" : "VU#681056",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/681056"
},
{
"name" : "21335",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21335"
},
{
"name" : "ADV-2006-4750",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name" : "30736",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30736"
},
{
"name" : "1017302",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017302"
},
{
"name" : "23155",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23155"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "VU#681056",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/681056"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=304829",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "1017302",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017302"
},
{
"name": "21335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "23155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name": "30736",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30736"
}
]
}
}

190
2006/4xxx/CVE-2006-4605.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4605",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060902 PHP-Revista Multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445007/100/0/threaded"
},
{
"name" : "20090413 Re: PHP-Revista Multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502637/100/0/threaded"
},
{
"name" : "8425",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8425"
},
{
"name" : "20090415 PHP-Revista 1.1.2 (RFI/SQLi/CB/XSS) Multiple Remote Vulnerabilities",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2009-April/002167.html"
},
{
"name" : "19818",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19818"
},
{
"name" : "28443",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28443"
},
{
"name" : "21738",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21738"
},
{
"name" : "1499",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1499"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19818",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19818"
},
{
"name": "8425",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8425"
},
{
"name": "20090413 Re: PHP-Revista Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502637/100/0/threaded"
},
{
"name": "28443",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28443"
},
{
"name": "1499",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1499"
},
{
"name": "20060902 PHP-Revista Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445007/100/0/threaded"
},
{
"name": "20090415 PHP-Revista 1.1.2 (RFI/SQLi/CB/XSS) Multiple Remote Vulnerabilities",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2009-April/002167.html"
},
{
"name": "21738",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21738"
}
]
}
}

170
2006/4xxx/CVE-2006-4671.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4671",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3027",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3027"
},
{
"name" : "21796",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21796"
},
{
"name" : "ADV-2006-3513",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3513"
},
{
"name" : "21807",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21807"
},
{
"name" : "23519",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23519"
},
{
"name" : "fantasticnews-configscriptpath-file-include(31121)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31121"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21807",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21807"
},
{
"name": "ADV-2006-3513",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3513"
},
{
"name": "23519",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23519"
},
{
"name": "fantasticnews-configscriptpath-file-include(31121)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31121"
},
{
"name": "3027",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3027"
},
{
"name": "21796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21796"
}
]
}
}

160
2006/4xxx/CVE-2006-4761.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4761",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman SharpReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cgisecurity.com/papers/RSS-Security.ppt",
"refsource" : "MISC",
"url" : "http://www.cgisecurity.com/papers/RSS-Security.ppt"
},
{
"name" : "20128",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20128"
},
{
"name" : "ADV-2006-3712",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3712"
},
{
"name" : "21963",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21963"
},
{
"name" : "sharpreader-atomrss-feed-xss(29073)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29073"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman SharpReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20128"
},
{
"name": "http://www.cgisecurity.com/papers/RSS-Security.ppt",
"refsource": "MISC",
"url": "http://www.cgisecurity.com/papers/RSS-Security.ppt"
},
{
"name": "21963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21963"
},
{
"name": "ADV-2006-3712",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3712"
},
{
"name": "sharpreader-atomrss-feed-xss(29073)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29073"
}
]
}
}

150
2006/7xxx/CVE-2006-7134.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7134",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in main_user.php in Upload Tool for PHP 1.0 allows remote attackers to upload and execute arbitrary files with executable extensions such as .php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "21150",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21150"
},
{
"name" : "ADV-2006-4575",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4575"
},
{
"name" : "22973",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22973"
},
{
"name" : "utp-mainuser-file-upload(30365)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30365"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in main_user.php in Upload Tool for PHP 1.0 allows remote attackers to upload and execute arbitrary files with executable extensions such as .php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22973",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22973"
},
{
"name": "21150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21150"
},
{
"name": "ADV-2006-4575",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4575"
},
{
"name": "utp-mainuser-file-upload(30365)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30365"
}
]
}
}

180
2010/2xxx/CVE-2010-2003.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2003",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in misc/get_admin.php in Advanced Poll 2.08 allows remote attackers to inject arbitrary web script or HTML via the mysql_host parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100510 XSS vulnerability in Advanced Poll",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511210/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.org/1005-exploits/advancedpoll208-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1005-exploits/advancedpoll208-xss.txt"
},
{
"name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_advanced_poll.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_advanced_poll.html"
},
{
"name" : "40045",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40045"
},
{
"name" : "64524",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/64524"
},
{
"name" : "39768",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39768"
},
{
"name" : "advancedpoll-getadmin-xss(58503)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58503"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in misc/get_admin.php in Advanced Poll 2.08 allows remote attackers to inject arbitrary web script or HTML via the mysql_host parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64524",
"refsource": "OSVDB",
"url": "http://osvdb.org/64524"
},
{
"name": "advancedpoll-getadmin-xss(58503)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58503"
},
{
"name": "40045",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40045"
},
{
"name": "20100510 XSS vulnerability in Advanced Poll",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511210/100/0/threaded"
},
{
"name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_advanced_poll.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_advanced_poll.html"
},
{
"name": "http://packetstormsecurity.org/1005-exploits/advancedpoll208-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1005-exploits/advancedpoll208-xss.txt"
},
{
"name": "39768",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39768"
}
]
}
}

160
2010/2xxx/CVE-2010-2047.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2047",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewcategory action. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12641",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12641"
},
{
"name" : "40231",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40231"
},
{
"name" : "64716",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/64716"
},
{
"name" : "39851",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39851"
},
{
"name" : "jecms-index-sql-injection(58646)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58646"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewcategory action. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "jecms-index-sql-injection(58646)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58646"
},
{
"name": "39851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39851"
},
{
"name": "12641",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12641"
},
{
"name": "64716",
"refsource": "OSVDB",
"url": "http://osvdb.org/64716"
},
{
"name": "40231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40231"
}
]
}
}

160
2010/2xxx/CVE-2010-2195.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2195",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "bozotic HTTP server (aka bozohttpd) 20090522 through 20100512 allows attackers to cause a denial of service via vectors related to a \"wrong code generation interaction with GCC.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.eterna.com.au/bozohttpd/CHANGES",
"refsource" : "MISC",
"url" : "http://www.eterna.com.au/bozohttpd/CHANGES"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298"
},
{
"name" : "http://security-tracker.debian.org/tracker/CVE-2010-2195",
"refsource" : "CONFIRM",
"url" : "http://security-tracker.debian.org/tracker/CVE-2010-2195"
},
{
"name" : "http://www.eterna.com.au/bozohttpd",
"refsource" : "CONFIRM",
"url" : "http://www.eterna.com.au/bozohttpd"
},
{
"name" : "bozohttpd-gcc-dos(60876)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60876"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bozotic HTTP server (aka bozohttpd) 20090522 through 20100512 allows attackers to cause a denial of service via vectors related to a \"wrong code generation interaction with GCC.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bozohttpd-gcc-dos(60876)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60876"
},
{
"name": "http://security-tracker.debian.org/tracker/CVE-2010-2195",
"refsource": "CONFIRM",
"url": "http://security-tracker.debian.org/tracker/CVE-2010-2195"
},
{
"name": "http://www.eterna.com.au/bozohttpd",
"refsource": "CONFIRM",
"url": "http://www.eterna.com.au/bozohttpd"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298"
},
{
"name": "http://www.eterna.com.au/bozohttpd/CHANGES",
"refsource": "MISC",
"url": "http://www.eterna.com.au/bozohttpd/CHANGES"
}
]
}
}

150
2010/2xxx/CVE-2010-2985.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2985",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the searchTerm parameter to ServiceRegistry/HelpSearch.do or (2) the queryItems[0].value parameter to ServiceRegistry/QueryWizardProcessStep1.do."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "IZ75984",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ75984"
},
{
"name" : "IZ76926",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ76926"
},
{
"name" : "42281",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42281"
},
{
"name" : "40862",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40862"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the searchTerm parameter to ServiceRegistry/HelpSearch.do or (2) the queryItems[0].value parameter to ServiceRegistry/QueryWizardProcessStep1.do."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IZ75984",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ75984"
},
{
"name": "40862",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40862"
},
{
"name": "IZ76926",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ76926"
},
{
"name": "42281",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42281"
}
]
}
}

34
2010/3xxx/CVE-2010-3048.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3048",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3048",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2010/3xxx/CVE-2010-3205.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3205",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14823",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14823"
},
{
"name" : "http://packetstormsecurity.org/1008-exploits/textpattern-rfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1008-exploits/textpattern-rfi.txt"
},
{
"name" : "textpattern-index-file-include(61475)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61475"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1008-exploits/textpattern-rfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1008-exploits/textpattern-rfi.txt"
},
{
"name": "14823",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14823"
},
{
"name": "textpattern-index-file-include(61475)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61475"
}
]
}
}

170
2010/3xxx/CVE-2010-3217.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3217",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka \"Word Pointer Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101014 VUPEN Security Research - Microsoft Office Word Document Invalid Pointer Vulnerability (CVE-2010-3217)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514298/100/0/threaded"
},
{
"name" : "20101223 Secunia Research: Microsoft Word LFO Parsing Double-Free Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/515440/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2010-76/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2010-76/"
},
{
"name" : "MS10-079",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079"
},
{
"name" : "TA10-285A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"name" : "oval:org.mitre.oval:def:6695",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6695"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka \"Word Pointer Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:6695",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6695"
},
{
"name": "20101014 VUPEN Security Research - Microsoft Office Word Document Invalid Pointer Vulnerability (CVE-2010-3217)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514298/100/0/threaded"
},
{
"name": "http://secunia.com/secunia_research/2010-76/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-76/"
},
{
"name": "MS10-079",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079"
},
{
"name": "20101223 Secunia Research: Microsoft Word LFO Parsing Double-Free Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515440/100/0/threaded"
},
{
"name": "TA10-285A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
}
]
}
}

160
2010/3xxx/CVE-2010-3472.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3472",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm",
"refsource" : "CONFIRM",
"url" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm"
},
{
"name" : "PJ37466",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37466"
},
{
"name" : "43272",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43272"
},
{
"name" : "41458",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41458"
},
{
"name" : "ADV-2010-2419",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2419"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm",
"refsource": "CONFIRM",
"url": "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm"
},
{
"name": "PJ37466",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37466"
},
{
"name": "43272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43272"
},
{
"name": "41458",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41458"
},
{
"name": "ADV-2010-2419",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2419"
}
]
}
}

210
2011/0xxx/CVE-2011-0188.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0188",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an \"integer truncation issue.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4581",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4581"
},
{
"name" : "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993",
"refsource" : "CONFIRM",
"url" : "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=682332",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=682332"
},
{
"name" : "APPLE-SA-2011-03-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name" : "MDVSA-2011:097",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097"
},
{
"name" : "MDVSA-2011:098",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:098"
},
{
"name" : "RHSA-2011:0908",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0908.html"
},
{
"name" : "RHSA-2011:0909",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0909.html"
},
{
"name" : "RHSA-2011:0910",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0910.html"
},
{
"name" : "1025236",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025236"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an \"integer truncation issue.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2011:0910",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0910.html"
},
{
"name": "1025236",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025236"
},
{
"name": "MDVSA-2011:098",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:098"
},
{
"name": "RHSA-2011:0909",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0909.html"
},
{
"name": "APPLE-SA-2011-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name": "RHSA-2011:0908",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0908.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=682332",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=682332"
},
{
"name": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993",
"refsource": "CONFIRM",
"url": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993"
},
{
"name": "MDVSA-2011:097",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097"
},
{
"name": "http://support.apple.com/kb/HT4581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4581"
}
]
}
}

150
2011/0xxx/CVE-2011-0202.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0202",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4723",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4723"
},
{
"name" : "http://support.apple.com/kb/HT4808",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4808"
},
{
"name" : "APPLE-SA-2011-06-23-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
},
{
"name" : "APPLE-SA-2011-07-20-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4723",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4723"
},
{
"name": "APPLE-SA-2011-06-23-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT4808",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4808"
},
{
"name": "APPLE-SA-2011-07-20-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
}
]
}
}

200
2011/0xxx/CVE-2011-0585.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0585",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0565."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-0585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
},
{
"name" : "RHSA-2011:0301",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0301.html"
},
{
"name" : "46207",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46207"
},
{
"name" : "oval:org.mitre.oval:def:12193",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12193"
},
{
"name" : "1025033",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025033"
},
{
"name" : "43470",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43470"
},
{
"name" : "ADV-2011-0337",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name" : "ADV-2011-0492",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0492"
},
{
"name" : "acrobat-unspec-dos(65290)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65290"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0565."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0492",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0492"
},
{
"name": "46207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46207"
},
{
"name": "oval:org.mitre.oval:def:12193",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12193"
},
{
"name": "43470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43470"
},
{
"name": "RHSA-2011:0301",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html"
},
{
"name": "ADV-2011-0337",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name": "1025033",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025033"
},
{
"name": "acrobat-unspec-dos(65290)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65290"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
}
]
}
}

130
2011/1xxx/CVE-2011-1318.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1318",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
},
{
"name" : "PM23029",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM23029"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PM23029",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM23029"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
}
]
}
}

220
2011/1xxx/CVE-2011-1486.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1486",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[libvirt] 20110323 [PATCH] Make error reporting in libvirtd thread safe",
"refsource" : "MLIST",
"url" : "https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html"
},
{
"name" : "http://libvirt.org/git/?p=libvirt.git;a=commit;h=f44bfb7fb978c9313ce050a1c4149bf04aa0a670",
"refsource" : "CONFIRM",
"url" : "http://libvirt.org/git/?p=libvirt.git;a=commit;h=f44bfb7fb978c9313ce050a1c4149bf04aa0a670"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100134583",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100134583"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=693391",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=693391"
},
{
"name" : "DSA-2280",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2280"
},
{
"name" : "RHSA-2011:0478",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0478.html"
},
{
"name" : "RHSA-2011:0479",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0479.html"
},
{
"name" : "USN-1152-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1152-1"
},
{
"name" : "47148",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47148"
},
{
"name" : "1025477",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025477"
},
{
"name" : "44459",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44459"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.avaya.com/css/P8/documents/100134583",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100134583"
},
{
"name": "44459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44459"
},
{
"name": "RHSA-2011:0479",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0479.html"
},
{
"name": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=f44bfb7fb978c9313ce050a1c4149bf04aa0a670",
"refsource": "CONFIRM",
"url": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=f44bfb7fb978c9313ce050a1c4149bf04aa0a670"
},
{
"name": "1025477",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025477"
},
{
"name": "47148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47148"
},
{
"name": "USN-1152-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1152-1"
},
{
"name": "RHSA-2011:0478",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0478.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=693391",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=693391"
},
{
"name": "[libvirt] 20110323 [PATCH] Make error reporting in libvirtd thread safe",
"refsource": "MLIST",
"url": "https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html"
},
{
"name": "DSA-2280",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2280"
}
]
}
}

140
2011/1xxx/CVE-2011-1682.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1682",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. NOTE: this issue exists because of an incomplete fix for CVE-2011-0748. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44041",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44041"
},
{
"name" : "phplist-list-csrf(66666)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66666"
},
{
"name" : "phplist-xss-sequences-csrf(66816)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66816"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. NOTE: this issue exists because of an incomplete fix for CVE-2011-0748. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phplist-list-csrf(66666)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66666"
},
{
"name": "44041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44041"
},
{
"name": "phplist-xss-sequences-csrf(66816)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66816"
}
]
}
}

130
2014/3xxx/CVE-2014-3247.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3247",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "33250",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/33250"
},
{
"name" : "67343",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67343"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67343"
},
{
"name": "33250",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33250"
}
]
}
}

120
2014/3xxx/CVE-2014-3392.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3392",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows remote attackers to obtain sensitive information from process memory or modify memory contents via crafted parameters, aka Bug ID CSCuq29136."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141008 Multiple Vulnerabilities in Cisco ASA Software",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows remote attackers to obtain sensitive information from process memory or modify memory contents via crafted parameters, aka Bug ID CSCuq29136."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141008 Multiple Vulnerabilities in Cisco ASA Software",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"
}
]
}
}

130
2014/3xxx/CVE-2014-3593.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3593",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=989005",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=989005"
},
{
"name" : "RHSA-2014:1390",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1390.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1390",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1390.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=989005",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=989005"
}
]
}
}

140
2014/6xxx/CVE-2014-6643.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6643",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FIAT Forum (aka com.tapatalk.fiatforumcom) application 3.8.41 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#331169",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/331169"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FIAT Forum (aka com.tapatalk.fiatforumcom) application 3.8.41 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#331169",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/331169"
}
]
}
}

140
2014/6xxx/CVE-2014-6662.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6662",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Forum Krstarice (aka com.tapatalk.forumkrstaricacom) application 3.5.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#724617",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/724617"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Forum Krstarice (aka com.tapatalk.forumkrstaricacom) application 3.5.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#724617",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/724617"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7228.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7228",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://websec.wordpress.com/2014/10/05/joomla-3-3-4-akeeba-kickstart-remote-code-execution-cve-2014-7228/",
"refsource" : "MISC",
"url" : "http://websec.wordpress.com/2014/10/05/joomla-3-3-4-akeeba-kickstart-remote-code-execution-cve-2014-7228/"
},
{
"name" : "http://developer.joomla.org/security/595-20140903-core-remote-file-inclusion.html",
"refsource" : "CONFIRM",
"url" : "http://developer.joomla.org/security/595-20140903-core-remote-file-inclusion.html"
},
{
"name" : "https://www.akeebabackup.com/home/news/1605-security-update-sep-2014.html",
"refsource" : "CONFIRM",
"url" : "https://www.akeebabackup.com/home/news/1605-security-update-sep-2014.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://websec.wordpress.com/2014/10/05/joomla-3-3-4-akeeba-kickstart-remote-code-execution-cve-2014-7228/",
"refsource": "MISC",
"url": "http://websec.wordpress.com/2014/10/05/joomla-3-3-4-akeeba-kickstart-remote-code-execution-cve-2014-7228/"
},
{
"name": "http://developer.joomla.org/security/595-20140903-core-remote-file-inclusion.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/595-20140903-core-remote-file-inclusion.html"
},
{
"name": "https://www.akeebabackup.com/home/news/1605-security-update-sep-2014.html",
"refsource": "CONFIRM",
"url": "https://www.akeebabackup.com/home/news/1605-security-update-sep-2014.html"
}
]
}
}

120
2014/7xxx/CVE-2014-7297.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7297",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://themeforest.net/item/enfold-responsive-multipurpose-theme/4519990",
"refsource" : "CONFIRM",
"url" : "http://themeforest.net/item/enfold-responsive-multipurpose-theme/4519990"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://themeforest.net/item/enfold-responsive-multipurpose-theme/4519990",
"refsource": "CONFIRM",
"url": "http://themeforest.net/item/enfold-responsive-multipurpose-theme/4519990"
}
]
}
}

140
2014/7xxx/CVE-2014-7325.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7325",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Business Intelligence (aka com.magzter.businessintelligence) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#456393",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/456393"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Business Intelligence (aka com.magzter.businessintelligence) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#456393",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/456393"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7516.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7516",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Central East LHIN News (aka com.wCentralEastLHINNews) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#863217",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/863217"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Central East LHIN News (aka com.wCentralEastLHINNews) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#863217",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/863217"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

130
2014/8xxx/CVE-2014-8019.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8019",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-8019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141219 Cisco ECDS Web Directory Traversal and Arbitrary File Access Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8019"
},
{
"name" : "1031417",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031417"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141219 Cisco ECDS Web Directory Traversal and Arbitrary File Access Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8019"
},
{
"name": "1031417",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031417"
}
]
}
}

34
2014/8xxx/CVE-2014-8411.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8411",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8411",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2014/8xxx/CVE-2014-8587.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8587",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/",
"refsource" : "MISC",
"url" : "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/"
},
{
"name" : "http://service.sap.com/sap/support/notes/2067859",
"refsource" : "CONFIRM",
"url" : "http://service.sap.com/sap/support/notes/2067859"
},
{
"name" : "https://twitter.com/SAP_Gsupport/status/522401681997570048",
"refsource" : "CONFIRM",
"url" : "https://twitter.com/SAP_Gsupport/status/522401681997570048"
},
{
"name" : "57606",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57606"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.sap.com/sap/support/notes/2067859",
"refsource": "CONFIRM",
"url": "http://service.sap.com/sap/support/notes/2067859"
},
{
"name": "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/",
"refsource": "MISC",
"url": "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/"
},
{
"name": "https://twitter.com/SAP_Gsupport/status/522401681997570048",
"refsource": "CONFIRM",
"url": "https://twitter.com/SAP_Gsupport/status/522401681997570048"
},
{
"name": "57606",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57606"
}
]
}
}

34
2014/8xxx/CVE-2014-8689.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8689",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8689",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

182
2016/2xxx/CVE-2016-2123.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2016-2123",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "samba",
"version" : {
"version_data" : [
{
"version_value" : "versions 4.0.0 to 4.5.2"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
],
[
{
"vectorString" : "7.9/AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version" : "2.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-122"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "samba",
"version": {
"version_data": [
{
"version_value": "versions 4.0.0 to 4.5.2"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123"
},
{
"name" : "https://www.samba.org/samba/security/CVE-2016-2123.html",
"refsource" : "CONFIRM",
"url" : "https://www.samba.org/samba/security/CVE-2016-2123.html"
},
{
"name" : "94970",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94970"
},
{
"name" : "1037493",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037493"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
[
{
"vectorString": "7.9/AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.samba.org/samba/security/CVE-2016-2123.html",
"refsource": "CONFIRM",
"url": "https://www.samba.org/samba/security/CVE-2016-2123.html"
},
{
"name": "94970",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94970"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123"
},
{
"name": "1037493",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037493"
}
]
}
}

130
2016/2xxx/CVE-2016-2428.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2428",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted media file, aka internal bug 26751339."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-2428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-05-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-05-01.html"
},
{
"name" : "https://android.googlesource.com/platform/external/aac/+/5d4405f601fa11a8955fd7611532c982420e4206",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/external/aac/+/5d4405f601fa11a8955fd7611532c982420e4206"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted media file, aka internal bug 26751339."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-05-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-05-01.html"
},
{
"name": "https://android.googlesource.com/platform/external/aac/+/5d4405f601fa11a8955fd7611532c982420e4206",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/aac/+/5d4405f601fa11a8955fd7611532c982420e4206"
}
]
}
}

34
2016/2xxx/CVE-2016-2585.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2585",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2585",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/2xxx/CVE-2016-2616.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2616",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2616",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/2xxx/CVE-2016-2885.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2885",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2885",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/18xxx/CVE-2017-18306.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18306",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18306",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/1xxx/CVE-2017-1170.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1170",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WebSphere Commerce Enterprise",
"version" : {
"version_data" : [
{
"version_value" : "8.0, 8.0.1.0, 8.0.3.0, 8.0.4.0"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Commerce Enterprise",
"version": {
"version_data": [
{
"version_value": "8.0, 8.0.1.0, 8.0.3.0, 8.0.4.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22001225",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22001225"
},
{
"name" : "98027",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98027"
},
{
"name" : "1038359",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038359"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22001225",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001225"
},
{
"name": "98027",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98027"
},
{
"name": "1038359",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038359"
}
]
}
}

34
2017/1xxx/CVE-2017-1921.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1921",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1921",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

180
2017/5xxx/CVE-2017-5012.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5012",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "heap buffer overflow"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
},
{
"name" : "https://crbug.com/681843",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/681843"
},
{
"name" : "DSA-3776",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3776"
},
{
"name" : "GLSA-201701-66",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-66"
},
{
"name" : "RHSA-2017:0206",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0206.html"
},
{
"name" : "95792",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95792"
},
{
"name" : "1037718",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037718"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "heap buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95792",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95792"
},
{
"name": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
},
{
"name": "GLSA-201701-66",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-66"
},
{
"name": "RHSA-2017:0206",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0206.html"
},
{
"name": "https://crbug.com/681843",
"refsource": "CONFIRM",
"url": "https://crbug.com/681843"
},
{
"name": "1037718",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037718"
},
{
"name": "DSA-3776",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3776"
}
]
}
}

140
2017/5xxx/CVE-2017-5185.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@microfocus.com",
"ID" : "CVE-2017-5185",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NetIQ Sentinel Server",
"version" : {
"version_data" : [
{
"version_value" : "NetIQ Sentinel Server"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2017-5185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Sentinel Server",
"version": {
"version_data": [
{
"version_value": "NetIQ Sentinel Server"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2017-15",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2017-15"
},
{
"name" : "https://www.netiq.com/support/kb/doc.php?id=7018753",
"refsource" : "CONFIRM",
"url" : "https://www.netiq.com/support/kb/doc.php?id=7018753"
},
{
"name" : "97267",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97267"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2017-15",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-15"
},
{
"name": "97267",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97267"
},
{
"name": "https://www.netiq.com/support/kb/doc.php?id=7018753",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/support/kb/doc.php?id=7018753"
}
]
}
}

130
2017/5xxx/CVE-2017-5476.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5476",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/s9y/Serendipity/issues/439",
"refsource" : "CONFIRM",
"url" : "https://github.com/s9y/Serendipity/issues/439"
},
{
"name" : "95659",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95659"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/s9y/Serendipity/issues/439",
"refsource": "CONFIRM",
"url": "https://github.com/s9y/Serendipity/issues/439"
},
{
"name": "95659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95659"
}
]
}
}

732
2017/5xxx/CVE-2017-5754.json
View File

@ -1,368 +1,368 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2018-01-03T00:00:00",
"ID" : "CVE-2017-5754",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Most Modern Operating Systems",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-01-03T00:00:00",
"ID": "CVE-2017-5754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Most Modern Operating Systems",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
},
{
"name" : "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html",
"refsource" : "MISC",
"url" : "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
},
{
"name" : "https://meltdownattack.com/",
"refsource" : "MISC",
"url" : "https://meltdownattack.com/"
},
{
"name" : "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html",
"refsource" : "MISC",
"url" : "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
},
{
"name" : "https://01.org/security/advisories/intel-oss-10003",
"refsource" : "CONFIRM",
"url" : "https://01.org/security/advisories/intel-oss-10003"
},
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4609",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
},
{
"name" : "http://xenbits.xen.org/xsa/advisory-254.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-254.html"
},
{
"name" : "https://access.redhat.com/security/vulnerabilities/speculativeexecution",
"refsource" : "CONFIRM",
"url" : "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
},
{
"name" : "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/",
"refsource" : "CONFIRM",
"url" : "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
},
{
"name" : "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/",
"refsource" : "CONFIRM",
"url" : "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
},
{
"name" : "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
"refsource" : "CONFIRM",
"url" : "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
},
{
"name" : "https://support.f5.com/csp/article/K91229003",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K91229003"
},
{
"name" : "https://support.lenovo.com/us/en/solutions/LEN-18282",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-18282"
},
{
"name" : "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/",
"refsource" : "CONFIRM",
"url" : "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
},
{
"name" : "https://www.synology.com/support/security/Synology_SA_18_01",
"refsource" : "CONFIRM",
"url" : "https://www.synology.com/support/security/Synology_SA_18_01"
},
{
"name" : "https://support.citrix.com/article/CTX231399",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX231399"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180104-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180104-0001/"
},
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4611",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
},
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4613",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
},
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4614",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
},
{
"name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt",
"refsource" : "CONFIRM",
"url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
},
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "https://support.citrix.com/article/CTX234679",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX234679"
},
{
"name" : "https://cert.vde.com/en-us/advisories/vde-2018-002",
"refsource" : "CONFIRM",
"url" : "https://cert.vde.com/en-us/advisories/vde-2018-002"
},
{
"name" : "https://cert.vde.com/en-us/advisories/vde-2018-003",
"refsource" : "CONFIRM",
"url" : "https://cert.vde.com/en-us/advisories/vde-2018-003"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us"
},
{
"name" : "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001",
"refsource" : "CONFIRM",
"url" : "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
},
{
"name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource" : "CONFIRM",
"url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name" : "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes",
"refsource" : "CONFIRM",
"url" : "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"name" : "20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
},
{
"name" : "DSA-4078",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4078"
},
{
"name" : "DSA-4082",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4082"
},
{
"name" : "DSA-4120",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4120"
},
{
"name" : "FreeBSD-SA-18:03",
"refsource" : "FREEBSD",
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"
},
{
"name" : "GLSA-201810-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201810-06"
},
{
"name" : "RHSA-2018:0292",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0292"
},
{
"name" : "SUSE-SU-2018:0010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
},
{
"name" : "SUSE-SU-2018:0011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"name" : "SUSE-SU-2018:0012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
},
{
"name" : "openSUSE-SU-2018:0022",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
},
{
"name" : "openSUSE-SU-2018:0023",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
},
{
"name" : "USN-3516-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/usn/usn-3516-1/"
},
{
"name" : "USN-3522-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/usn/usn-3522-2/"
},
{
"name" : "USN-3523-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/usn/usn-3523-2/"
},
{
"name" : "USN-3524-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/usn/usn-3524-2/"
},
{
"name" : "USN-3525-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/usn/usn-3525-1/"
},
{
"name" : "USN-3522-3",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3522-3/"
},
{
"name" : "USN-3522-4",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3522-4/"
},
{
"name" : "USN-3523-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3523-1/"
},
{
"name" : "USN-3583-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3583-1/"
},
{
"name" : "USN-3597-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3597-1/"
},
{
"name" : "USN-3597-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3597-2/"
},
{
"name" : "USN-3540-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3540-2/"
},
{
"name" : "USN-3541-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3541-2/"
},
{
"name" : "VU#584653",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/584653"
},
{
"name" : "VU#180049",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/180049"
},
{
"name" : "102378",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102378"
},
{
"name" : "106128",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106128"
},
{
"name" : "1040071",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040071"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
},
{
"name": "USN-3523-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3523-1/"
},
{
"name": "USN-3525-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3525-1/"
},
{
"name": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin"
},
{
"name": "GLSA-201810-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"name": "DSA-4082",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4082"
},
{
"name": "https://support.citrix.com/article/CTX234679",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX234679"
},
{
"name": "USN-3540-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3540-2/"
},
{
"name": "USN-3522-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3522-3/"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/speculativeexecution",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
},
{
"name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
},
{
"name": "USN-3597-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3597-1/"
},
{
"name": "SUSE-SU-2018:0012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
},
{
"name": "SUSE-SU-2018:0011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
},
{
"name": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html",
"refsource": "MISC",
"url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
},
{
"name": "https://01.org/security/advisories/intel-oss-10003",
"refsource": "CONFIRM",
"url": "https://01.org/security/advisories/intel-oss-10003"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2018-002",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
},
{
"name": "DSA-4120",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4120"
},
{
"name": "https://support.f5.com/csp/article/K91229003",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K91229003"
},
{
"name": "USN-3524-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3524-2/"
},
{
"name": "DSA-4078",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4078"
},
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "openSUSE-SU-2018:0022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
},
{
"name": "RHSA-2018:0292",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0292"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-254.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-254.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180104-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_01",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_01"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
"refsource": "CONFIRM",
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name": "VU#584653",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/584653"
},
{
"name": "USN-3522-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3522-2/"
},
{
"name": "VU#180049",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"name": "USN-3583-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2018-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
},
{
"name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001",
"refsource": "CONFIRM",
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us"
},
{
"name": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
},
{
"name": "https://support.citrix.com/article/CTX231399",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX231399"
},
{
"name": "102378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102378"
},
{
"name": "FreeBSD-SA-18:03",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"
},
{
"name": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/",
"refsource": "CONFIRM",
"url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
},
{
"name": "106128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106128"
},
{
"name": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/",
"refsource": "CONFIRM",
"url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
},
{
"name": "1040071",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040071"
},
{
"name": "USN-3597-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3597-2/"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
},
{
"name": "SUSE-SU-2018:0010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
},
{
"name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
},
{
"name": "USN-3523-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3523-2/"
},
{
"name": "USN-3516-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3516-1/"
},
{
"name": "USN-3541-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3541-2/"
},
{
"name": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html",
"refsource": "MISC",
"url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
},
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-18282",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
},
{
"name": "https://meltdownattack.com/",
"refsource": "MISC",
"url": "https://meltdownattack.com/"
},
{
"name": "openSUSE-SU-2018:0023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
},
{
"name": "USN-3522-4",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3522-4/"
}
]
}
}

180
2017/5xxx/CVE-2017-5848.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5848",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170201 Multiple memory access issues in gstreamer",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/01/7"
},
{
"name" : "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/02/9"
},
{
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3"
},
{
"name" : "DSA-3818",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3818"
},
{
"name" : "GLSA-201705-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-10"
},
{
"name" : "RHSA-2017:2060",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2060"
},
{
"name" : "96001",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96001"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3818",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3818"
},
{
"name": "96001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96001"
},
{
"name": "RHSA-2017:2060",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2060"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3"
},
{
"name": "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/9"
},
{
"name": "GLSA-201705-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20170201 Multiple memory access issues in gstreamer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/01/7"
}
]
}
}