admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:10:33 +00:00
parent 068a1c5180
commit e4bdbce384
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 4206 additions and 4206 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2006/0xxx/CVE-2006-0241.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0241", "ID": "CVE-2006-0241",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060117 XSS in WBNews < = v1.1.0", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/422133/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field."
{ }
"name" : "16277", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16277" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-0237", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0237" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18499", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/18499" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20060117 XSS in WBNews < = v1.1.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422133/100/0/threaded"
},
{
"name": "16277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16277"
},
{
"name": "18499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18499"
},
{
"name": "ADV-2006-0237",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0237"
}
]
}
}

130
2006/0xxx/CVE-2006-0505.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0505", "ID": "CVE-2006-0505",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to cause an unspecified denial of service by rapidly creating and closing a game."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060128 zbattle.net", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/423431/100/0/threaded" "lang": "eng",
}, "value": "zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to cause an unspecified denial of service by rapidly creating and closing a game."
{ }
"name" : "zbattle-command-dos(24369)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24369" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060128 zbattle.net",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423431/100/0/threaded"
},
{
"name": "zbattle-command-dos(24369)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24369"
}
]
}
}

180
2006/0xxx/CVE-2006-0671.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0671", "ID": "CVE-2006-0671",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060206 [ Secuobs - Advisory ] Bluetooth : DoS on Sony/Ericsson cell phones", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=113926179907655&w=2" "lang": "eng",
}, "value": "Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet."
{ }
"name" : "20060206 [Full-disclosure] [ Secuobs - Advisory ] Bluetooth : DoS on", ]
"refsource" : "FULLDISC", },
"url" : "http://marc.info/?l=full-disclosure&m=113924661724270&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.secuobs.com/news/05022006-bluetooth7.shtml#english", "description": [
"refsource" : "MISC", {
"url" : "http://www.secuobs.com/news/05022006-bluetooth7.shtml#english" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "16512", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/16512" ]
}, },
{ "references": {
"name" : "ADV-2006-0478", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0478" "name": "16512",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16512"
"name" : "18747", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18747" "name": "18747",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18747"
"name" : "sony-bluetooth-dos(24534)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24534" "name": "ADV-2006-0478",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/0478"
} },
} {
"name": "20060206 [Full-disclosure] [ Secuobs - Advisory ] Bluetooth : DoS on",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=113924661724270&w=2"
},
{
"name": "20060206 [ Secuobs - Advisory ] Bluetooth : DoS on Sony/Ericsson cell phones",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113926179907655&w=2"
},
{
"name": "sony-bluetooth-dos(24534)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24534"
},
{
"name": "http://www.secuobs.com/news/05022006-bluetooth7.shtml#english",
"refsource": "MISC",
"url": "http://www.secuobs.com/news/05022006-bluetooth7.shtml#english"
}
]
}
}

170
2006/0xxx/CVE-2006-0784.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0784", "ID": "CVE-2006-0784",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of \"GET\" followed by a space and two newlines, possibly triggering the crash due to missing arguments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060216 D-Link DWL-G700AP httpd DoS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/425169/100/0/threaded" "lang": "eng",
}, "value": "D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of \"GET\" followed by a space and two newlines, possibly triggering the crash due to missing arguments."
{ }
"name" : "16690", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16690" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-0637", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0637" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18932", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/18932" ]
}, },
{ "references": {
"name" : "441", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/441" "name": "441",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/441"
"name" : "dlink-admin-interface-dos(24762)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24762" "name": "dlink-admin-interface-dos(24762)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24762"
} },
} {
"name": "ADV-2006-0637",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0637"
},
{
"name": "18932",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18932"
},
{
"name": "16690",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16690"
},
{
"name": "20060216 D-Link DWL-G700AP httpd DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425169/100/0/threaded"
}
]
}
}

200
2006/1xxx/CVE-2006-1234.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1234", "ID": "CVE-2006-1234",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060325 [eVuln] DSCounter 'X-Forwarded-For' SQL Injection Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/428807/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header."
{ }
"name" : "http://evuln.com/vulns/98/summary.html", ]
"refsource" : "MISC", },
"url" : "http://evuln.com/vulns/98/summary.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17112", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17112" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0933", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0933" ]
}, },
{ "references": {
"name" : "23882", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/23882" "name": "23882",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/23882"
"name" : "1015756", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015756" "name": "20060325 [eVuln] DSCounter 'X-Forwarded-For' SQL Injection Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/428807/100/0/threaded"
"name" : "19206", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19206" "name": "1015756",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015756"
"name" : "627", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/627" "name": "19206",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19206"
"name" : "dscounter-index-sql-injection(25190)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25190" "name": "627",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/627"
} },
} {
"name": "dscounter-index-sql-injection(25190)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25190"
},
{
"name": "ADV-2006-0933",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0933"
},
{
"name": "http://evuln.com/vulns/98/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/98/summary.html"
},
{
"name": "17112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17112"
}
]
}
}

370
2006/1xxx/CVE-2006-1530.json
View File

@ -1,187 +1,187 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2006-1530", "ID": "CVE-2006-1530",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=326615", ]
"refsource" : "MISC", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=326615" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1046", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1046" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-1051", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2006/dsa-1051" ]
}, },
{ "references": {
"name" : "HPSBUX02153", "reference_data": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" "name": "oval:org.mitre.oval:def:1903",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1903"
"name" : "SSRT061181", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html"
"name" : "HPSBUX02156", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=326615",
}, "refsource": "MISC",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=326615"
"name" : "SSRT061236", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" "name": "ADV-2006-3748",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3748"
"name" : "SCOSA-2006.26", },
"refsource" : "SCO", {
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" "name": "19941",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19941"
"name" : "VU#350262", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/350262" "name": "DSA-1051",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1051"
"name" : "17516", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17516" "name": "ADV-2006-3749",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3749"
"name" : "ADV-2006-1356", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1356" "name": "21033",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21033"
"name" : "ADV-2006-3748", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3748" "name": "VU#350262",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/350262"
"name" : "ADV-2006-3749", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3749" "name": "ADV-2008-0083",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0083"
"name" : "ADV-2008-0083", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0083" "name": "SSRT061181",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
"name" : "oval:org.mitre.oval:def:1903", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1903" "name": "ADV-2006-1356",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/1356"
"name" : "1015919", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015919" "name": "SSRT061236",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
"name" : "1015921", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015921" "name": "1015921",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015921"
"name" : "1015920", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015920" "name": "HPSBUX02153",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
"name" : "19631", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19631" "name": "19649",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19649"
"name" : "19649", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19649" "name": "19863",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19863"
"name" : "19863", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19863" "name": "HPSBUX02156",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
"name" : "19941", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19941" "name": "SCOSA-2006.26",
}, "refsource": "SCO",
{ "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt"
"name" : "21033", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21033" "name": "17516",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/17516"
"name" : "22065", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22065" "name": "1015919",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015919"
"name" : "22066", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22066" "name": "22066",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/22066"
} },
} {
"name": "1015920",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015920"
},
{
"name": "22065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22065"
},
{
"name": "19631",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19631"
},
{
"name": "DSA-1046",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1046"
}
]
}
}

190
2006/1xxx/CVE-2006-1568.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1568", "ID": "CVE-2006-1568",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in register.php in RedCMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) email, (2) location, or (3) website parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060413 [eVuln] RedCMS Multiple XSS and SQL Injection Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/431001/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in register.php in RedCMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) email, (2) location, or (3) website parameters."
{ }
"name" : "http://evuln.com/vulns/115/summary.html", ]
"refsource" : "MISC", },
"url" : "http://evuln.com/vulns/115/summary.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17336", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17336" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-1186", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/1186" ]
}, },
{ "references": {
"name" : "24296", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/24296" "name": "20060413 [eVuln] RedCMS Multiple XSS and SQL Injection Vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/431001/100/0/threaded"
"name" : "19475", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19475" "name": "redcms-register-xss(25577)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25577"
"name" : "708", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/708" "name": "17336",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/17336"
"name" : "redcms-register-xss(25577)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25577" "name": "ADV-2006-1186",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/1186"
} },
} {
"name": "http://evuln.com/vulns/115/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/115/summary.html"
},
{
"name": "708",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/708"
},
{
"name": "19475",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19475"
},
{
"name": "24296",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24296"
}
]
}
}

170
2006/3xxx/CVE-2006-3250.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3250", "ID": "CVE-2006-3250",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is imported by the user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060625 Windows Live Messenger 8.0 ( Contact List *.ctt ) Heap Overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/438442/100/0/threaded" "lang": "eng",
}, "value": "Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is imported by the user."
{ }
"name" : "http://www.jaascois.com/exploits/18602016/", ]
"refsource" : "MISC", },
"url" : "http://www.jaascois.com/exploits/18602016/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1108/exploit.html", "description": [
"refsource" : "MISC", {
"url" : "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1108/exploit.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18639", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/18639" ]
}, },
{ "references": {
"name" : "1016373", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016373" "name": "http://www.jaascois.com/exploits/18602016/",
}, "refsource": "MISC",
{ "url": "http://www.jaascois.com/exploits/18602016/"
"name" : "live-messenger-contact-list-dos(27417)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27417" "name": "20060625 Windows Live Messenger 8.0 ( Contact List *.ctt ) Heap Overflow",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/438442/100/0/threaded"
} },
} {
"name": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1108/exploit.html",
"refsource": "MISC",
"url": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1108/exploit.html"
},
{
"name": "1016373",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016373"
},
{
"name": "live-messenger-contact-list-dos(27417)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27417"
},
{
"name": "18639",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18639"
}
]
}
}

190
2006/3xxx/CVE-2006-3637.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2006-3637", "ID": "CVE-2006-3637",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka \"HTML Rendering Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS06-042", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" "lang": "eng",
}, "value": "Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka \"HTML Rendering Memory Corruption Vulnerability.\""
{ }
"name" : "TA06-220A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#340060", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/340060" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-3212", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/3212" ]
}, },
{ "references": {
"name" : "27853", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27853" "name": "27853",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27853"
"name" : "oval:org.mitre.oval:def:502", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A502" "name": "1016663",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016663"
"name" : "1016663", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016663" "name": "MS06-042",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
"name" : "21396", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21396" "name": "21396",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/21396"
} },
} {
"name": "ADV-2006-3212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name": "TA06-220A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "VU#340060",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/340060"
},
{
"name": "oval:org.mitre.oval:def:502",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A502"
}
]
}
}

150
2006/4xxx/CVE-2006-4453.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4453", "ID": "CVE-2006-4453",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving \"table markups\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.pmichaud.com/wiki/PmWiki/ChangeLog", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.pmichaud.com/wiki/PmWiki/ChangeLog" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving \"table markups\"."
{ }
"name" : "19747", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19747" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28268", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/28268" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21667", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/21667" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog"
},
{
"name": "28268",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28268"
},
{
"name": "21667",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21667"
},
{
"name": "19747",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19747"
}
]
}
}

340
2006/4xxx/CVE-2006-4805.json
View File

@ -1,172 +1,172 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2006-4805", "ID": "CVE-2006-4805",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061101 rPSA-2006-0202-1 tshark wireshark", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/450307/100/0/threaded" "lang": "eng",
}, "value": "epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded."
{ }
"name" : "http://www.wireshark.org/security/wnpa-sec-2006-03.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.wireshark.org/security/wnpa-sec-2006-03.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://issues.rpath.com/browse/RPL-746", "description": [
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-746" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm", ]
"refsource" : "CONFIRM", }
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm" ]
}, },
{ "references": {
"name" : "DSA-1201", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.us.debian.org/security/2006/dsa-1201" "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm"
"name" : "MDKSA-2006:195", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:195" "name": "23096",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23096"
"name" : "RHSA-2006:0726", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0726.html" "name": "http://www.wireshark.org/security/wnpa-sec-2006-03.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/security/wnpa-sec-2006-03.html"
"name" : "20061101-01-P", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" "name": "DSA-1201",
}, "refsource": "DEBIAN",
{ "url": "http://www.us.debian.org/security/2006/dsa-1201"
"name" : "SUSE-SA:2006:065", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_65_ethereal.html" "name": "https://issues.rpath.com/browse/RPL-746",
}, "refsource": "CONFIRM",
{ "url": "https://issues.rpath.com/browse/RPL-746"
"name" : "VU#723736", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/723736" "name": "22590",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22590"
"name" : "20762", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20762" "name": "20061101-01-P",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"
"name" : "oval:org.mitre.oval:def:10199", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10199" "name": "ADV-2006-4220",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/4220"
"name" : "ADV-2006-4220", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4220" "name": "wireshark-xot-dos(29843)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29843"
"name" : "1017129", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017129" "name": "22841",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22841"
"name" : "22590", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22590" "name": "VU#723736",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/723736"
"name" : "22692", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22692" "name": "20762",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/20762"
"name" : "22659", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22659" "name": "oval:org.mitre.oval:def:10199",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10199"
"name" : "22672", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22672" "name": "SUSE-SA:2006:065",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_65_ethereal.html"
"name" : "22797", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22797" "name": "RHSA-2006:0726",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0726.html"
"name" : "22841", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22841" "name": "22929",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22929"
"name" : "22929", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22929" "name": "20061101 rPSA-2006-0202-1 tshark wireshark",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/450307/100/0/threaded"
"name" : "23096", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23096" "name": "22659",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22659"
"name" : "wireshark-xot-dos(29843)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29843" "name": "22692",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/22692"
} },
} {
"name": "MDKSA-2006:195",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:195"
},
{
"name": "1017129",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017129"
},
{
"name": "22672",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22672"
},
{
"name": "22797",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22797"
}
]
}
}

160
2010/2xxx/CVE-2010-2669.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2669", "ID": "CVE-2010-2669",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in admin/editors/text/editor-body.php in Orbis CMS 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://cross-site-scripting.blogspot.com/2010/07/orbis-102-reflected-xss.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://cross-site-scripting.blogspot.com/2010/07/orbis-102-reflected-xss.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in admin/editors/text/editor-body.php in Orbis CMS 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter."
{ }
"name" : "41390", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/41390" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "66021", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/66021" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "40474", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/40474" ]
}, },
{ "references": {
"name" : "orbis-editbody-xss(60087)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60087" "name": "66021",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/66021"
} },
} {
"name": "http://cross-site-scripting.blogspot.com/2010/07/orbis-102-reflected-xss.html",
"refsource": "MISC",
"url": "http://cross-site-scripting.blogspot.com/2010/07/orbis-102-reflected-xss.html"
},
{
"name": "orbis-editbody-xss(60087)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60087"
},
{
"name": "40474",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40474"
},
{
"name": "41390",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41390"
}
]
}
}

160
2010/2xxx/CVE-2010-2693.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secteam@freebsd.org",
"ID" : "CVE-2010-2693", "ID": "CVE-2010-2693",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "FreeBSD-SA-10:07", "description_data": [
"refsource" : "FREEBSD", {
"url" : "http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc" "lang": "eng",
}, "value": "FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call."
{ }
"name" : "41577", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/41577" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1024182", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024182" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "40567", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/40567" ]
}, },
{ "references": {
"name" : "ADV-2010-1787", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1787" "name": "ADV-2010-1787",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2010/1787"
} },
} {
"name": "FreeBSD-SA-10:07",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc"
},
{
"name": "1024182",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024182"
},
{
"name": "40567",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40567"
},
{
"name": "41577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41577"
}
]
}
}

150
2010/2xxx/CVE-2010-2698.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2698", "ID": "CVE-2010-2698",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "14260", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/14260" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "66154", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/66154" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "40492", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40492" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "sijio-title-xss(60176)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60176" ]
} },
] "references": {
} "reference_data": [
} {
"name": "14260",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14260"
},
{
"name": "sijio-title-xss(60176)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60176"
},
{
"name": "66154",
"refsource": "OSVDB",
"url": "http://osvdb.org/66154"
},
{
"name": "40492",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40492"
}
]
}
}

130
2010/2xxx/CVE-2010-2835.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2010-2835", "ID": "CVE-2010-2835",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100922 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities", "description_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml" "lang": "eng",
}, "value": "Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358."
{ }
"name" : "20100922 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities", ]
"refsource" : "CISCO", },
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtml" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100922 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtml"
},
{
"name": "20100922 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml"
}
]
}
}

180
2010/3xxx/CVE-2010-3035.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2010-3035", "ID": "CVE-2010-3035",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[nanog] 20100827 Did your BGP crash today?", "description_data": [
"refsource" : "MLIST", {
"url" : "http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html" "lang": "eng",
}, "value": "Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211."
{ }
"name" : "20100827 Cisco IOS XR Software Border Gateway Protocol Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "67696", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/67696" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1024371", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1024371" ]
}, },
{ "references": {
"name" : "41190", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41190" "name": "ciscoiosxr-bgp-packet-dos(61443)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61443"
"name" : "ADV-2010-2227", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2227" "name": "1024371",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1024371"
"name" : "ciscoiosxr-bgp-packet-dos(61443)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61443" "name": "20100827 Cisco IOS XR Software Border Gateway Protocol Vulnerability",
} "refsource": "CISCO",
] "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml"
} },
} {
"name": "[nanog] 20100827 Did your BGP crash today?",
"refsource": "MLIST",
"url": "http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html"
},
{
"name": "41190",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41190"
},
{
"name": "ADV-2010-2227",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2227"
},
{
"name": "67696",
"refsource": "OSVDB",
"url": "http://osvdb.org/67696"
}
]
}
}

140
2010/3xxx/CVE-2010-3105.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3105", "ID": "CVE-2010-3105",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PluginGetDriverFile function in Novell iPrint Client before 5.44 interprets an uninitialized memory location as a pointer value, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42576", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/42576" "lang": "eng",
}, "value": "The PluginGetDriverFile function in Novell iPrint Client before 5.44 interprets an uninitialized memory location as a pointer value, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "oval:org.mitre.oval:def:11817", ]
"refsource" : "OVAL", },
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11817" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "40805", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40805" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "42576",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42576"
},
{
"name": "oval:org.mitre.oval:def:11817",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11817"
},
{
"name": "40805",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40805"
}
]
}
}

290
2010/3xxx/CVE-2010-3173.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3173", "ID": "CVE-2010-3173",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-72.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-72.html" "lang": "eng",
}, "value": "The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=554354", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=554354" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=583337", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=583337" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=587234", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=587234" ]
}, },
{ "references": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=595300", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=595300" "name": "RHSA-2010:0782",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0782.html"
"name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", },
"refsource" : "CONFIRM", {
"url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=554354",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=554354"
"name" : "http://support.avaya.com/css/P8/documents/100114250", },
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/css/P8/documents/100114250" "name": "MDVSA-2010:210",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210"
"name" : "http://support.avaya.com/css/P8/documents/100120156", },
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/css/P8/documents/100120156" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=583337",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=583337"
"name" : "DSA-2123", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-2123" "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox",
}, "refsource": "CONFIRM",
{ "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"
"name" : "MDVSA-2010:210", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=595300",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=595300"
"name" : "MDVSA-2010:211", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:211" "name": "RHSA-2010:0781",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0781.html"
"name" : "RHSA-2010:0781", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0781.html" "name": "42867",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42867"
"name" : "RHSA-2010:0782", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0782.html" "name": "MDVSA-2010:211",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:211"
"name" : "USN-1007-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1007-1" "name": "ADV-2011-0061",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0061"
"name" : "oval:org.mitre.oval:def:12118", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12118" "name": "oval:org.mitre.oval:def:12118",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12118"
"name" : "41839", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41839" "name": "USN-1007-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1007-1"
"name" : "42867", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42867" "name": "DSA-2123",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2010/dsa-2123"
"name" : "ADV-2011-0061", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0061" "name": "http://support.avaya.com/css/P8/documents/100114250",
} "refsource": "CONFIRM",
] "url": "http://support.avaya.com/css/P8/documents/100114250"
} },
} {
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-72.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-72.html"
},
{
"name": "http://support.avaya.com/css/P8/documents/100120156",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100120156"
},
{
"name": "41839",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41839"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=587234",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=587234"
}
]
}
}

130
2010/3xxx/CVE-2010-3540.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-3540", "ID": "CVE-2010-3540",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to ZFS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to ZFS."
{ }
"name" : "TA10-287A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}

140
2010/3xxx/CVE-2010-3584.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-3584", "ID": "CVE-2010-3584",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle VM component in Oracle VM 2.2.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a third party researcher that this is related to the storage of passwords and password hashes in cleartext in files with insecure permissions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20101102 [Onapsis Security Advisory 2010-010] Oracle Virtual Server Agent Local Privilege Escalation", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/514612/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle VM component in Oracle VM 2.2.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a third party researcher that this is related to the storage of passwords and password hashes in cleartext in files with insecure permissions."
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA10-287A", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20101102 [Onapsis Security Advisory 2010-010] Oracle Virtual Server Agent Local Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514612/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}

200
2010/3xxx/CVE-2010-3657.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2010-3657", "ID": "CVE-2010-3657",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3656."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3656."
{ }
"name" : "GLSA-201101-08", ]
"refsource" : "GENTOO", },
"url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2010:0743", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0743.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SA:2010:048", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" ]
}, },
{ "references": {
"name" : "SUSE-SR:2010:019", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" "name": "SUSE-SA:2010:048",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html"
"name" : "TA10-279A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" "name": "ADV-2011-0191",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0191"
"name" : "oval:org.mitre.oval:def:6791", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6791" "name": "43025",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43025"
"name" : "43025", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43025" "name": "GLSA-201101-08",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
"name" : "ADV-2011-0191", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0191" "name": "oval:org.mitre.oval:def:6791",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6791"
} },
} {
"name": "RHSA-2010:0743",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0743.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html"
},
{
"name": "TA10-279A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
}
]
}
}

160
2010/4xxx/CVE-2010-4195.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2010-4195", "ID": "CVE-2010-4195",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html" "lang": "eng",
}, "value": "The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors."
{ }
"name" : "VU#189929", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/189929" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "46336", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/46336" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1025056", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1025056" ]
}, },
{ "references": {
"name" : "ADV-2011-0335", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0335" "name": "VU#189929",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/189929"
} },
} {
"name": "ADV-2011-0335",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0335"
},
{
"name": "46336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46336"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-01.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
},
{
"name": "1025056",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025056"
}
]
}
}

150
2010/4xxx/CVE-2010-4885.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4885", "ID": "CVE-2010-4885",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://typo3.org/extensions/repository/view/xing/1.0.2/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://typo3.org/extensions/repository/view/xing/1.0.2/" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/", ]
"refsource" : "CONFIRM", },
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "42937", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/42937" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "41269", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/41269" ]
} },
] "references": {
} "reference_data": [
} {
"name": "42937",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42937"
},
{
"name": "http://typo3.org/extensions/repository/view/xing/1.0.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/xing/1.0.2/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"name": "41269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41269"
}
]
}
}

250
2011/1xxx/CVE-2011-1163.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-1163", "ID": "CVE-2011-1163",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110317 [PRE-SA-2011-02] Information disclosure vulnerability in the OSF partition handling code of the Linux kernel", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/517050" "lang": "eng",
}, "value": "The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing."
{ }
"name" : "[mm-commits] 20110314 + fs-partitions-osfc-corrupted-osf-partition-table-can-cause-information-disclosure.patch added to -mm tree", ]
"refsource" : "MLIST", },
"url" : "http://www.spinics.net/lists/mm-commits/msg82737.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20110315 CVE Request: kernel: fs/partitions: Corrupted OSF partition table can cause information disclosure", "description": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/03/15/9" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20110315 Re: CVE Request: kernel: fs/partitions: Corrupted OSF partition table can cause information disclosure", ]
"refsource" : "MLIST", }
"url" : "http://openwall.com/lists/oss-security/2011/03/15/14" ]
}, },
{ "references": {
"name" : "http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt" "name": "[mm-commits] 20110314 + fs-partitions-osfc-corrupted-osf-partition-table-can-cause-information-disclosure.patch added to -mm tree",
}, "refsource": "MLIST",
{ "url": "http://www.spinics.net/lists/mm-commits/msg82737.html"
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05", },
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05" "name": "46878",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/46878"
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38", },
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=688021", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=688021" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=688021",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688021"
"name" : "http://downloads.avaya.com/css/P8/documents/100145416", },
"refsource" : "CONFIRM", {
"url" : "http://downloads.avaya.com/css/P8/documents/100145416" "name": "8189",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/8189"
"name" : "RHSA-2011:0833", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2011-0833.html" "name": "1025225",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1025225"
"name" : "SUSE-SU-2015:0812", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" "name": "[oss-security] 20110315 Re: CVE Request: kernel: fs/partitions: Corrupted OSF partition table can cause information disclosure",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/03/15/14"
"name" : "46878", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/46878" "name": "RHSA-2011:0833",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
"name" : "1025225", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1025225" "name": "[oss-security] 20110315 CVE Request: kernel: fs/partitions: Corrupted OSF partition table can cause information disclosure",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/03/15/9"
"name" : "8189", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8189" "name": "http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt",
} "refsource": "MISC",
] "url": "http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt"
} },
} {
"name": "http://downloads.avaya.com/css/P8/documents/100145416",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100145416"
},
{
"name": "20110317 [PRE-SA-2011-02] Information disclosure vulnerability in the OSF partition handling code of the Linux kernel",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517050"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38"
},
{
"name": "SUSE-SU-2015:0812",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
}
]
}
}

170
2011/1xxx/CVE-2011-1457.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1457", "ID": "CVE-2011-1457",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4808", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4808" "lang": "eng",
}, "value": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1."
{ }
"name" : "http://support.apple.com/kb/HT4981", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT4981" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT4999", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4999" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2011-07-20-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2011-10-11-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" "name": "http://support.apple.com/kb/HT4981",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4981"
"name" : "APPLE-SA-2011-10-12-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" "name": "APPLE-SA-2011-10-12-1",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
} },
} {
"name": "APPLE-SA-2011-10-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "http://support.apple.com/kb/HT4808",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4808"
},
{
"name": "APPLE-SA-2011-07-20-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
}
]
}
}

180
2011/1xxx/CVE-2011-1864.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2011-1864", "ID": "CVE-2011-1864",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBMA02631", "description_data": [
"refsource" : "HP", {
"url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02712867" "lang": "eng",
}, "value": "Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to execute arbitrary code via unknown vectors."
{ }
"name" : "SSRT100324", ]
"refsource" : "HP", },
"url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02712867" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "48178", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/48178" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "72864", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/72864" ]
}, },
{ "references": {
"name" : "1025620", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025620" "name": "SSRT100324",
}, "refsource": "HP",
{ "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02712867"
"name" : "44884", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44884" "name": "72864",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/72864"
"name" : "hp-openview-data-code-execution(67960)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67960" "name": "HPSBMA02631",
} "refsource": "HP",
] "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02712867"
} },
} {
"name": "1025620",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025620"
},
{
"name": "hp-openview-data-code-execution(67960)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67960"
},
{
"name": "48178",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48178"
},
{
"name": "44884",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44884"
}
]
}
}

140
2011/5xxx/CVE-2011-5023.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5023", "ID": "CVE-2011-5023",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the search program, a different vulnerability than CVE-2011-3986."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://sitewat.ch/Advisory/View/6", "description_data": [
"refsource" : "MISC", {
"url" : "https://sitewat.ch/Advisory/View/6" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the search program, a different vulnerability than CVE-2011-3986."
{ }
"name" : "http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2257", ]
"refsource" : "CONFIRM", },
"url" : "http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2257" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "51274", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/51274" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://sitewat.ch/Advisory/View/6",
"refsource": "MISC",
"url": "https://sitewat.ch/Advisory/View/6"
},
{
"name": "http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2257",
"refsource": "CONFIRM",
"url": "http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2257"
},
{
"name": "51274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51274"
}
]
}
}

140
2011/5xxx/CVE-2011-5308.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5308", "ID": "CVE-2011-5308",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) cdnvote_post_id or (2) cdnvote_point parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.htbridge.com/advisory/HTB22845", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.htbridge.com/advisory/HTB22845" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) cdnvote_post_id or (2) cdnvote_point parameter."
{ }
"name" : "http://wpsecure.net/2011/02/cdnvote-plugin/", ]
"refsource" : "CONFIRM", },
"url" : "http://wpsecure.net/2011/02/cdnvote-plugin/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://plugins.trac.wordpress.org/changeset/350873/cdnvote/trunk/cdnvote-post.php", "description": [
"refsource" : "CONFIRM", {
"url" : "https://plugins.trac.wordpress.org/changeset/350873/cdnvote/trunk/cdnvote-post.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://wpsecure.net/2011/02/cdnvote-plugin/",
"refsource": "CONFIRM",
"url": "http://wpsecure.net/2011/02/cdnvote-plugin/"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/350873/cdnvote/trunk/cdnvote-post.php",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/350873/cdnvote/trunk/cdnvote-post.php"
},
{
"name": "https://www.htbridge.com/advisory/HTB22845",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB22845"
}
]
}
}

34
2014/3xxx/CVE-2014-3237.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3237", "ID": "CVE-2014-3237",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2014/3xxx/CVE-2014-3375.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-3375", "ID": "CVE-2014-3375",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36297", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36297" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597."
{ }
"name" : "20141030 Cisco Unified Communications Manager Service Interface Reflected Cross-Site Scripting Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3375" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "70850", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/70850" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1031163", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1031163" ]
}, },
{ "references": {
"name" : "61025", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61025" "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36297",
}, "refsource": "CONFIRM",
{ "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36297"
"name" : "cisco-ucm-cve20143375-xss(98408)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98408" "name": "70850",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/70850"
} },
} {
"name": "20141030 Cisco Unified Communications Manager Service Interface Reflected Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3375"
},
{
"name": "cisco-ucm-cve20143375-xss(98408)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98408"
},
{
"name": "1031163",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031163"
},
{
"name": "61025",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61025"
}
]
}
}

160
2014/3xxx/CVE-2014-3607.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-3607", "ID": "CVE-2014-3607",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://shibboleth.net/community/advisories/secadv_20140919.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://shibboleth.net/community/advisories/secadv_20140919.txt" "lang": "eng",
}, "value": "DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1140438", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1140438" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://code.google.com/archive/p/vt-middleware/issues/226", "description": [
"refsource" : "CONFIRM", {
"url" : "https://code.google.com/archive/p/vt-middleware/issues/226" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://code.google.com/archive/p/vt-middleware/issues/227", ]
"refsource" : "CONFIRM", }
"url" : "https://code.google.com/archive/p/vt-middleware/issues/227" ]
}, },
{ "references": {
"name" : "https://code.google.com/archive/p/vt-middleware/issues/228", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://code.google.com/archive/p/vt-middleware/issues/228" "name": "http://shibboleth.net/community/advisories/secadv_20140919.txt",
} "refsource": "CONFIRM",
] "url": "http://shibboleth.net/community/advisories/secadv_20140919.txt"
} },
} {
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1140438",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1140438"
},
{
"name": "https://code.google.com/archive/p/vt-middleware/issues/227",
"refsource": "CONFIRM",
"url": "https://code.google.com/archive/p/vt-middleware/issues/227"
},
{
"name": "https://code.google.com/archive/p/vt-middleware/issues/226",
"refsource": "CONFIRM",
"url": "https://code.google.com/archive/p/vt-middleware/issues/226"
},
{
"name": "https://code.google.com/archive/p/vt-middleware/issues/228",
"refsource": "CONFIRM",
"url": "https://code.google.com/archive/p/vt-middleware/issues/228"
}
]
}
}

140
2014/3xxx/CVE-2014-3862.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3862", "ID": "CVE-2014-3862",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://smartplatforms.org/2014/04/security-vulnerabilities-in-ccda-display/", "description_data": [
"refsource" : "MISC", {
"url" : "http://smartplatforms.org/2014/04/security-vulnerabilities-in-ccda-display/" "lang": "eng",
}, "value": "CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log."
{ }
"name" : "http://gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088", ]
"refsource" : "CONFIRM", },
"url" : "http://gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html",
"refsource": "CONFIRM",
"url": "http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html"
},
{
"name": "http://gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088",
"refsource": "CONFIRM",
"url": "http://gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088"
},
{
"name": "http://smartplatforms.org/2014/04/security-vulnerabilities-in-ccda-display/",
"refsource": "MISC",
"url": "http://smartplatforms.org/2014/04/security-vulnerabilities-in-ccda-display/"
}
]
}
}

130
2014/7xxx/CVE-2014-7265.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2014-7265", "ID": "CVE-2014-7265",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#61181790", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN61181790/index.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "JVNDB-2014-000150", ]
"refsource" : "JVNDB", },
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000150" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000150",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000150"
},
{
"name": "JVN#61181790",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN61181790/index.html"
}
]
}
}

160
2014/8xxx/CVE-2014-8031.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-8031", "ID": "CVE-2014-8031",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150108 Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8031" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456."
{ }
"name" : "71943", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/71943" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1031517", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031517" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "62173", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/62173" ]
}, },
{ "references": {
"name" : "cisco-webex-cve20148031-csrf(100575)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100575" "name": "cisco-webex-cve20148031-csrf(100575)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100575"
} },
} {
"name": "1031517",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031517"
},
{
"name": "20150108 Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8031"
},
{
"name": "62173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62173"
},
{
"name": "71943",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71943"
}
]
}
}

150
2014/9xxx/CVE-2014-9494.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-9494", "ID": "CVE-2014-9494",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150103 Re: CVE request: insufficient 'X-Forwarded-For' header validation in rabbitmq-server", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2015/q1/30" "lang": "eng",
}, "value": "RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header."
{ }
"name" : "http://www.rabbitmq.com/release-notes/README-3.4.0.txt", ]
"refsource" : "CONFIRM", },
"url" : "http://www.rabbitmq.com/release-notes/README-3.4.0.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://groups.google.com/forum/#!topic/rabbitmq-users/DMkypbSvIyM", "description": [
"refsource" : "CONFIRM", {
"url" : "https://groups.google.com/forum/#!topic/rabbitmq-users/DMkypbSvIyM" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "rabbitmq-cve20149494-sec-bypass(99685)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99685" ]
} },
] "references": {
} "reference_data": [
} {
"name": "rabbitmq-cve20149494-sec-bypass(99685)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99685"
},
{
"name": "https://groups.google.com/forum/#!topic/rabbitmq-users/DMkypbSvIyM",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/rabbitmq-users/DMkypbSvIyM"
},
{
"name": "[oss-security] 20150103 Re: CVE request: insufficient 'X-Forwarded-For' header validation in rabbitmq-server",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q1/30"
},
{
"name": "http://www.rabbitmq.com/release-notes/README-3.4.0.txt",
"refsource": "CONFIRM",
"url": "http://www.rabbitmq.com/release-notes/README-3.4.0.txt"
}
]
}
}

34
2014/9xxx/CVE-2014-9723.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9723", "ID": "CVE-2014-9723",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2014/9xxx/CVE-2014-9909.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2014-9909", "ID": "CVE-2014-9909",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2016-12-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2016-12-01.html" "lang": "eng",
}, "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684."
{ }
"name" : "94685", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94685" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-12-01.html"
},
{
"name": "94685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94685"
}
]
}
}

34
2016/2xxx/CVE-2016-2218.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2218", "ID": "CVE-2016-2218",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2016/2xxx/CVE-2016-2333.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2016-2333", "ID": "CVE-2016-2333",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#822980", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/822980" "lang": "eng",
} "value": "SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#822980",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/822980"
}
]
}
}

34
2016/2xxx/CVE-2016-2656.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-2656", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-2656",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

220
2016/2xxx/CVE-2016-2822.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2016-2822", "ID": "CVE-2016-2822",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-52.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-52.html" "lang": "eng",
}, "value": "Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1273129", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1273129" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3600", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2016/dsa-3600" ]
}, },
{ "references": {
"name" : "RHSA-2016:1217", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1217" "name": "1036057",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1036057"
"name" : "openSUSE-SU-2016:1552", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html" "name": "RHSA-2016:1217",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2016:1217"
"name" : "openSUSE-SU-2016:1557", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html" "name": "openSUSE-SU-2016:1557",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
"name" : "SUSE-SU-2016:1691", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
"name" : "USN-2993-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2993-1" "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-52.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-52.html"
"name" : "91075", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91075" "name": "openSUSE-SU-2016:1552",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html"
"name" : "1036057", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036057" "name": "USN-2993-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-2993-1"
} },
} {
"name": "SUSE-SU-2016:1691",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html"
},
{
"name": "91075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91075"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273129",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273129"
},
{
"name": "DSA-3600",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3600"
}
]
}
}

150
2016/2xxx/CVE-2016-2925.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2016-2925", "ID": "CVE-2016-2925",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21986461", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21986461" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
{ }
"name" : "PI62749", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62749" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "92180", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92180" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1036454", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1036454" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1036454",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036454"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21986461",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986461"
},
{
"name": "PI62749",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62749"
},
{
"name": "92180",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92180"
}
]
}
}

190
2016/6xxx/CVE-2016-6173.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-6173", "ID": "CVE-2016-6173",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[dns-operations] 20160704 DNS activities in Japan", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html" "lang": "eng",
}, "value": "NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data."
{ }
"name" : "[nsd-users] 20160809 NSD 4.1.11", ]
"refsource" : "MLIST", },
"url" : "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/07/06/3" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20160706 Re: Malicious primary DNS servers can crash secondaries", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2016/07/06/4" ]
}, },
{ "references": {
"name" : "https://github.com/sischkg/xfer-limit/blob/master/README.md", "reference_data": [
"refsource" : "MISC", {
"url" : "https://github.com/sischkg/xfer-limit/blob/master/README.md" "name": "[nsd-users] 20160809 NSD 4.1.11",
}, "refsource": "MLIST",
{ "url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html"
"name" : "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES", },
"refsource" : "CONFIRM", {
"url" : "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES" "name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
"name" : "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790", },
"refsource" : "CONFIRM", {
"url" : "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790" "name": "91678",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/91678"
"name" : "91678", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91678" "name": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790",
} "refsource": "CONFIRM",
] "url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
} },
} {
"name": "[dns-operations] 20160704 DNS activities in Japan",
"refsource": "MLIST",
"url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
},
{
"name": "[oss-security] 20160706 Re: Malicious primary DNS servers can crash secondaries",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/4"
},
{
"name": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES",
"refsource": "CONFIRM",
"url": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES"
},
{
"name": "https://github.com/sischkg/xfer-limit/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
}
]
}
}

200
2016/6xxx/CVE-2016-6288.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6288", "ID": "CVE-2016-6288",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160724 Re: Fwd: CVE for PHP 5.5.38 issues", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2016/07/24/2" "lang": "eng",
}, "value": "The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type."
{ }
"name" : "http://git.php.net/?p=php-src.git;a=commit;h=629e4da7cc8b174acdeab84969cbfc606a019b31", ]
"refsource" : "CONFIRM", },
"url" : "http://git.php.net/?p=php-src.git;a=commit;h=629e4da7cc8b174acdeab84969cbfc606a019b31" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://php.net/ChangeLog-5.php", "description": [
"refsource" : "CONFIRM", {
"url" : "http://php.net/ChangeLog-5.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.php.net/70480", ]
"refsource" : "CONFIRM", }
"url" : "https://bugs.php.net/70480" ]
}, },
{ "references": {
"name" : "https://support.apple.com/HT207170", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207170" "name": "APPLE-SA-2016-09-20",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
"name" : "APPLE-SA-2016-09-20", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" "name": "92111",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/92111"
"name" : "RHSA-2016:2750", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" "name": "RHSA-2016:2750",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
"name" : "92111", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92111" "name": "https://bugs.php.net/70480",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.php.net/70480"
"name" : "1036430", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036430" "name": "http://php.net/ChangeLog-5.php",
} "refsource": "CONFIRM",
] "url": "http://php.net/ChangeLog-5.php"
} },
} {
"name": "1036430",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036430"
},
{
"name": "[oss-security] 20160724 Re: Fwd: CVE for PHP 5.5.38 issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2016/07/24/2"
},
{
"name": "https://support.apple.com/HT207170",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207170"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=629e4da7cc8b174acdeab84969cbfc606a019b31",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=629e4da7cc8b174acdeab84969cbfc606a019b31"
}
]
}
}

140
2016/6xxx/CVE-2016-6361.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2016-6361", "ID": "CVE-2016-6361",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via a crafted AMPDU header, aka Bug ID CSCuz56288."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160817 Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms AMPDU Denial of Service Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap" "lang": "eng",
}, "value": "The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via a crafted AMPDU header, aka Bug ID CSCuz56288."
{ }
"name" : "92508", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/92508" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1036648", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036648" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20160817 Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms AMPDU Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap"
},
{
"name": "92508",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92508"
},
{
"name": "1036648",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036648"
}
]
}
}

130
2016/6xxx/CVE-2016-6419.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2016-6419", "ID": "CVE-2016-6419",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160928 Cisco Firepower Management Center SQL Injection Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fpmc" "lang": "eng",
}, "value": "SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485."
{ }
"name" : "93206", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/93206" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93206"
},
{
"name": "20160928 Cisco Firepower Management Center SQL Injection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fpmc"
}
]
}
}

130
2016/6xxx/CVE-2016-6887.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6887", "ID": "CVE-2016-6887",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html" "lang": "eng",
}, "value": "The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack."
{ }
"name" : "http://www.matrixssl.org/blog/releases/matrixssl_3_8_4", ]
"refsource" : "CONFIRM", },
"url" : "http://www.matrixssl.org/blog/releases/matrixssl_3_8_4" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.matrixssl.org/blog/releases/matrixssl_3_8_4",
"refsource": "CONFIRM",
"url": "http://www.matrixssl.org/blog/releases/matrixssl_3_8_4"
},
{
"name": "https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html",
"refsource": "MISC",
"url": "https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html"
}
]
}
}

172
2016/7xxx/CVE-2016-7075.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "anemec@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-7075", "ID": "CVE-2016-7075",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "OpenShift", "product_name": "OpenShift",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Red Hat" "vendor_name": "Red Hat"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version" : "3.0"
}
],
[
{
"vectorString" : "7.8/AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version" : "2.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-295"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075" "lang": "eng",
}, "value": "It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate."
{ }
"name" : "https://github.com/kubernetes/kubernetes/issues/34517", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/kubernetes/kubernetes/issues/34517" "impact": {
}, "cvss": [
{ [
"name" : "RHSA-2016:2064", {
"refsource" : "REDHAT", "vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"url" : "https://access.redhat.com/errata/RHSA-2016:2064" "version": "3.0"
} }
] ],
} [
} {
"vectorString": "7.8/AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/34517",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/34517"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075"
},
{
"name": "RHSA-2016:2064",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:2064"
}
]
}
}

140
2016/7xxx/CVE-2016-7785.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7785", "ID": "CVE-2016-7785",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905]", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/10/08/1" "lang": "eng",
}, "value": "The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file."
{ }
"name" : "GLSA-201701-71", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201701-71" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "94833", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94833" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905]",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/1"
},
{
"name": "GLSA-201701-71",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-71"
},
{
"name": "94833",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94833"
}
]
}
}

150
2017/5xxx/CVE-2017-5180.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5180", "ID": "CVE-2017-5180",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://openwall.com/lists/oss-security/2017/01/04/2", "description_data": [
"refsource" : "MISC", {
"url" : "http://openwall.com/lists/oss-security/2017/01/04/2" "lang": "eng",
}, "value": "Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option."
{ }
"name" : "https://firejail.wordpress.com/download-2/release-notes/", ]
"refsource" : "MISC", },
"url" : "https://firejail.wordpress.com/download-2/release-notes/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201701-62", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201701-62" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "95298", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/95298" ]
} },
] "references": {
} "reference_data": [
} {
"name": "95298",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95298"
},
{
"name": "https://firejail.wordpress.com/download-2/release-notes/",
"refsource": "MISC",
"url": "https://firejail.wordpress.com/download-2/release-notes/"
},
{
"name": "GLSA-201701-62",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-62"
},
{
"name": "http://openwall.com/lists/oss-security/2017/01/04/2",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/01/04/2"
}
]
}
}

34
2017/5xxx/CVE-2017-5588.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5588", "ID": "CVE-2017-5588",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

210
2017/5xxx/CVE-2017-5689.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@intel.com", "ASSIGNER": "secure@intel.com",
"ID" : "CVE-2017-5689", "ID": "CVE-2017-5689",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intel Active Mangement Technology, Intel Small Business Technology, Intel Standard Manageability", "product_name": "Intel Active Mangement Technology, Intel Small Business Technology, Intel Standard Manageability",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "fixed in versions 6.2.61.3535, 7.1.91.3272, 8.1.71.3608, 9.1.41.3024, 10.0.55.3000, 11.0.25.3001, and 11.6.27.3264 and later" "version_value": "fixed in versions 6.2.61.3535, 7.1.91.3272, 8.1.71.3608, 9.1.41.3024, 10.0.55.3000, 11.0.25.3001, and 11.6.27.3264 and later"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Intel Corporation" "vendor_name": "Intel Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Escalation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf" "lang": "eng",
}, "value": "An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT)."
{ }
"name" : "https://www.embedi.com/news/mythbusters-cve-2017-5689", ]
"refsource" : "MISC", },
"url" : "https://www.embedi.com/news/mythbusters-cve-2017-5689" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability", "description": [
"refsource" : "MISC", {
"url" : "https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability" "lang": "eng",
}, "value": "Escalation of Privilege"
{ }
"name" : "https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf", ]
"refsource" : "CONFIRM", }
"url" : "https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf" ]
}, },
{ "references": {
"name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr" "name": "https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability",
}, "refsource": "MISC",
{ "url": "https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability"
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us", },
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us" "name": "https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf",
}, "refsource": "CONFIRM",
{ "url": "https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf"
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "name": "98269",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/98269"
"name" : "https://security.netapp.com/advisory/ntap-20170509-0001/", },
"refsource" : "CONFIRM", {
"url" : "https://security.netapp.com/advisory/ntap-20170509-0001/" "name": "1038385",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1038385"
"name" : "98269", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98269" "name": "https://security.netapp.com/advisory/ntap-20170509-0001/",
}, "refsource": "CONFIRM",
{ "url": "https://security.netapp.com/advisory/ntap-20170509-0001/"
"name" : "1038385", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038385" "name": "https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf",
} "refsource": "MISC",
] "url": "https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf"
} },
} {
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "https://www.embedi.com/news/mythbusters-cve-2017-5689",
"refsource": "MISC",
"url": "https://www.embedi.com/news/mythbusters-cve-2017-5689"
}
]
}
}

140
2017/5xxx/CVE-2017-5978.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5978", "ID": "CVE-2017-5978",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/" "lang": "eng",
}, "value": "The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file."
{ }
"name" : "DSA-3878", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2017/dsa-3878" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96268", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96268" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "96268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96268"
},
{
"name": "https://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/"
},
{
"name": "DSA-3878",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3878"
}
]
}
}