admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:17:57 +00:00
parent 5e2a455f2b
commit e5683ecb06
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
48 changed files with 3743 additions and 3743 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
2006/0xxx/CVE-2006-0045.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0045",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-0045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-949",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-949"
},
{
"name" : "16337",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16337"
},
{
"name" : "ADV-2006-0303",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0303"
},
{
"name" : "22690",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22690"
},
{
"name" : "18545",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18545"
},
{
"name" : "18573",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18573"
},
{
"name" : "crawl-insecure-command-execution(24262)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24262"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22690",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22690"
},
{
"name": "18545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18545"
},
{
"name": "DSA-949",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-949"
},
{
"name": "16337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16337"
},
{
"name": "ADV-2006-0303",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0303"
},
{
"name": "18573",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18573"
},
{
"name": "crawl-insecure-command-execution(24262)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24262"
}
]
}
}

178
2006/0xxx/CVE-2006-0084.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0084",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the $_SERVER[HTTP_USER_AGENT] variable (User-Agent header)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060116 vendor ack/fix: 22198: raSMP index.php User-Agent Field XSS (fwd)",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2006-January/000486.html"
},
{
"name" : "http://evuln.com/vulns/13/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/13/summary.html"
},
{
"name" : "16138",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16138"
},
{
"name" : "ADV-2006-0030",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0030"
},
{
"name" : "22198",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22198"
},
{
"name" : "1015432",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015432"
},
{
"name" : "18292",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18292"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the $_SERVER[HTTP_USER_AGENT] variable (User-Agent header)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0030",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0030"
},
{
"name": "16138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16138"
},
{
"name": "1015432",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015432"
},
{
"name": "22198",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22198"
},
{
"name": "20060116 vendor ack/fix: 22198: raSMP index.php User-Agent Field XSS (fwd)",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-January/000486.html"
},
{
"name": "http://evuln.com/vulns/13/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/13/summary.html"
},
{
"name": "18292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18292"
}
]
}
}

178
2006/0xxx/CVE-2006-0312.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0312",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060117 [eVuln] aoblogger Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-01/0322.html"
},
{
"name" : "http://evuln.com/vulns/37/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/37/summary.html"
},
{
"name" : "http://mikeheltonisawesome.com/viewcomments.php?idd=46",
"refsource" : "CONFIRM",
"url" : "http://mikeheltonisawesome.com/viewcomments.php?idd=46"
},
{
"name" : "16286",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16286"
},
{
"name" : "ADV-2006-0240",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0240"
},
{
"name" : "16889",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16889"
},
{
"name" : "aoblogger-create-security-bypass(24143)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24143"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16889",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16889"
},
{
"name": "aoblogger-create-security-bypass(24143)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24143"
},
{
"name": "ADV-2006-0240",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0240"
},
{
"name": "20060117 [eVuln] aoblogger Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-01/0322.html"
},
{
"name": "http://mikeheltonisawesome.com/viewcomments.php?idd=46",
"refsource": "CONFIRM",
"url": "http://mikeheltonisawesome.com/viewcomments.php?idd=46"
},
{
"name": "http://evuln.com/vulns/37/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/37/summary.html"
},
{
"name": "16286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16286"
}
]
}
}

168
2006/1xxx/CVE-2006-1681.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1681",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060406 XSS Bug in Cherokee Webserver",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430385/100/0/threaded"
},
{
"name" : "17408",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17408"
},
{
"name" : "ADV-2006-1292",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1292"
},
{
"name" : "24469",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24469"
},
{
"name" : "19587",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19587"
},
{
"name" : "cherokee-handlererror-xss(25698)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25698"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060406 XSS Bug in Cherokee Webserver",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430385/100/0/threaded"
},
{
"name": "17408",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17408"
},
{
"name": "19587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19587"
},
{
"name": "ADV-2006-1292",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1292"
},
{
"name": "cherokee-handlererror-xss(25698)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25698"
},
{
"name": "24469",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24469"
}
]
}
}

158
2006/4xxx/CVE-2006-4628.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4628",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when handling comments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=445066",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=445066"
},
{
"name" : "19871",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19871"
},
{
"name" : "ADV-2006-3481",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3481"
},
{
"name" : "21781",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21781"
},
{
"name" : "vcddb-comment-xss(28764)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28764"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when handling comments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vcddb-comment-xss(28764)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28764"
},
{
"name": "ADV-2006-3481",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3481"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=445066",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=445066"
},
{
"name": "21781",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21781"
},
{
"name": "19871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19871"
}
]
}
}

178
2006/4xxx/CVE-2006-4992.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4992",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.babilonics.com/?q=node/1802",
"refsource" : "MISC",
"url" : "http://www.babilonics.com/?q=node/1802"
},
{
"name" : "http://forum.joomla.org/index.php/topic,79477.0.html",
"refsource" : "CONFIRM",
"url" : "http://forum.joomla.org/index.php/topic,79477.0.html"
},
{
"name" : "http://forum.joomla.org/index.php/topic,81064.0.html",
"refsource" : "CONFIRM",
"url" : "http://forum.joomla.org/index.php/topic,81064.0.html"
},
{
"name" : "19209",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19209"
},
{
"name" : "28997",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28997"
},
{
"name" : "28998",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28998"
},
{
"name" : "28999",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28999"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19209",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19209"
},
{
"name": "http://forum.joomla.org/index.php/topic,81064.0.html",
"refsource": "CONFIRM",
"url": "http://forum.joomla.org/index.php/topic,81064.0.html"
},
{
"name": "http://forum.joomla.org/index.php/topic,79477.0.html",
"refsource": "CONFIRM",
"url": "http://forum.joomla.org/index.php/topic,79477.0.html"
},
{
"name": "28998",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28998"
},
{
"name": "http://www.babilonics.com/?q=node/1802",
"refsource": "MISC",
"url": "http://www.babilonics.com/?q=node/1802"
},
{
"name": "28999",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28999"
},
{
"name": "28997",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28997"
}
]
}
}

178
2006/5xxx/CVE-2006-5149.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5149",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the page parameter to shared/help.php or (2) the tab parameter to shared/header.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071228 OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485588/100/0/threaded"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=451780",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=451780"
},
{
"name" : "20301",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20301"
},
{
"name" : "27053",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27053"
},
{
"name" : "ADV-2006-3867",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3867"
},
{
"name" : "22238",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22238"
},
{
"name" : "openbiblio-shared-file-include(29316)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29316"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the page parameter to shared/help.php or (2) the tab parameter to shared/header.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3867",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3867"
},
{
"name": "20071228 OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485588/100/0/threaded"
},
{
"name": "22238",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22238"
},
{
"name": "27053",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27053"
},
{
"name": "openbiblio-shared-file-include(29316)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29316"
},
{
"name": "20301",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20301"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=451780",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=451780"
}
]
}
}

148
2006/5xxx/CVE-2006-5160.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5160",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that \"I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061001 zero-day flaws in Firefox: about 30 unpatched Firefox flaws",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447493/100/0/threaded"
},
{
"name" : "http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/",
"refsource" : "MISC",
"url" : "http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/"
},
{
"name" : "http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html",
"refsource" : "MISC",
"url" : "http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html"
},
{
"name" : "20294",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20294"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that \"I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/",
"refsource": "MISC",
"url": "http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/"
},
{
"name": "http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html",
"refsource": "MISC",
"url": "http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html"
},
{
"name": "20061001 zero-day flaws in Firefox: about 30 unpatched Firefox flaws",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447493/100/0/threaded"
},
{
"name": "20294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20294"
}
]
}
}

168
2006/5xxx/CVE-2006-5613.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5613",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion in Core/core.inc.php in MP3 Streaming DownSampler (mp3SDS) 3.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the fullpath parameter"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2666",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2666"
},
{
"name" : "20783",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20783"
},
{
"name" : "ADV-2006-4230",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4230"
},
{
"name" : "30110",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30110"
},
{
"name" : "22605",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22605"
},
{
"name" : "mp3sds-core-file-include(29888)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29888"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion in Core/core.inc.php in MP3 Streaming DownSampler (mp3SDS) 3.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the fullpath parameter"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2666",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2666"
},
{
"name": "20783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20783"
},
{
"name": "mp3sds-core-file-include(29888)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29888"
},
{
"name": "30110",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30110"
},
{
"name": "22605",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22605"
},
{
"name": "ADV-2006-4230",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4230"
}
]
}
}

178
2006/5xxx/CVE-2006-5790.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5790",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an attachment whose name contains format string specifiers (el_submit function), and possibly other vectors in the (2) receive_config, (3) show_rss_feed, (4) show_elog_list, (5) show_logbook_node, and (6) server_loop functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016"
},
{
"name" : "DSA-1242",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1242"
},
{
"name" : "20876",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20876"
},
{
"name" : "ADV-2006-4315",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4315"
},
{
"name" : "22638",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22638"
},
{
"name" : "23580",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23580"
},
{
"name" : "elog-elsubmit-format-string(29987)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29987"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an attachment whose name contains format string specifiers (el_submit function), and possibly other vectors in the (2) receive_config, (3) show_rss_feed, (4) show_elog_list, (5) show_logbook_node, and (6) server_loop functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23580"
},
{
"name": "DSA-1242",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1242"
},
{
"name": "20876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20876"
},
{
"name": "elog-elsubmit-format-string(29987)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29987"
},
{
"name": "22638",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22638"
},
{
"name": "ADV-2006-4315",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4315"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016"
}
]
}
}

248
2006/5xxx/CVE-2006-5973.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5973",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to \"yes,\" allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061119 Dovecot IMAP/POP3 server: Off-by-one buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452081/100/0/threaded"
},
{
"name" : "[Dovecot-news] 20091119 1.0.rc15 released",
"refsource" : "MLIST",
"url" : "http://dovecot.org/pipermail/dovecot-news/2006-November/000024.html"
},
{
"name" : "[Dovecot-news] 20061119 Security hole #2: Off-by-one buffer overflow with mmap_disable=yes",
"refsource" : "MLIST",
"url" : "http://dovecot.org/list/dovecot-news/2006-November/000023.html"
},
{
"name" : "https://issues.rpath.com/browse/RPL-802",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-802"
},
{
"name" : "SUSE-SA:2006:073",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_73_mono.html"
},
{
"name" : "USN-387-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-387-1"
},
{
"name" : "21183",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21183/info"
},
{
"name" : "ADV-2006-4614",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4614"
},
{
"name" : "1017288",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017288"
},
{
"name" : "23007",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23007"
},
{
"name" : "23150",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23150"
},
{
"name" : "23172",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23172"
},
{
"name" : "23213",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23213"
},
{
"name" : "dovecot-indexcache-bo(30433)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30433"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to \"yes,\" allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Dovecot-news] 20091119 1.0.rc15 released",
"refsource": "MLIST",
"url": "http://dovecot.org/pipermail/dovecot-news/2006-November/000024.html"
},
{
"name": "USN-387-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-387-1"
},
{
"name": "23150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23150"
},
{
"name": "SUSE-SA:2006:073",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html"
},
{
"name": "23007",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23007"
},
{
"name": "23172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23172"
},
{
"name": "dovecot-indexcache-bo(30433)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30433"
},
{
"name": "20061119 Dovecot IMAP/POP3 server: Off-by-one buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452081/100/0/threaded"
},
{
"name": "[Dovecot-news] 20061119 Security hole #2: Off-by-one buffer overflow with mmap_disable=yes",
"refsource": "MLIST",
"url": "http://dovecot.org/list/dovecot-news/2006-November/000023.html"
},
{
"name": "23213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23213"
},
{
"name": "1017288",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017288"
},
{
"name": "ADV-2006-4614",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4614"
},
{
"name": "21183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21183/info"
},
{
"name": "https://issues.rpath.com/browse/RPL-802",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-802"
}
]
}
}

228
2010/0xxx/CVE-2010-0015.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0015",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100107 CVE id request: GNU libc: NIS shadow password leakage",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/01/07/3"
},
{
"name" : "[oss-security] 20100108 Re: CVE id request: GNU libc: NIS shadow password leakage",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/01/08/1"
},
{
"name" : "[oss-security] 20100109 Re: CVE id request: GNU libc: NIS shadow password leakage",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/01/08/2"
},
{
"name" : "[oss-security] 20100111 Re: CVE id request: GNU libc: NIS shadow password leakage",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/01/11/6"
},
{
"name" : "[oss-security] 20100111 Re: CVE id request: GNU libc: NIS shadow password leakage",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=126320570505651&w=2"
},
{
"name" : "[oss-security] 20100111 Re: CVE id request: GNU libc: NIS shadow password leakage",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=126320356003425&w=2"
},
{
"name" : "http://sourceware.org/bugzilla/show_bug.cgi?id=11134",
"refsource" : "MISC",
"url" : "http://sourceware.org/bugzilla/show_bug.cgi?id=11134"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333"
},
{
"name" : "http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup",
"refsource" : "CONFIRM",
"url" : "http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup"
},
{
"name" : "MDVSA-2010:111",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111"
},
{
"name" : "MDVSA-2010:112",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112"
},
{
"name" : "SUSE-SA:2010:052",
"refsource" : "SUSE",
"url" : "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2010:111",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111"
},
{
"name": "[oss-security] 20100109 Re: CVE id request: GNU libc: NIS shadow password leakage",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/08/2"
},
{
"name": "[oss-security] 20100107 CVE id request: GNU libc: NIS shadow password leakage",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/07/3"
},
{
"name": "[oss-security] 20100111 Re: CVE id request: GNU libc: NIS shadow password leakage",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/11/6"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333"
},
{
"name": "[oss-security] 20100108 Re: CVE id request: GNU libc: NIS shadow password leakage",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/08/1"
},
{
"name": "SUSE-SA:2010:052",
"refsource": "SUSE",
"url": "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html"
},
{
"name": "http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup",
"refsource": "CONFIRM",
"url": "http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup"
},
{
"name": "MDVSA-2010:112",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112"
},
{
"name": "[oss-security] 20100111 Re: CVE id request: GNU libc: NIS shadow password leakage",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=126320570505651&w=2"
},
{
"name": "http://sourceware.org/bugzilla/show_bug.cgi?id=11134",
"refsource": "MISC",
"url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11134"
},
{
"name": "[oss-security] 20100111 Re: CVE id request: GNU libc: NIS shadow password leakage",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=126320356003425&w=2"
}
]
}
}

148
2010/0xxx/CVE-2010-0581.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0581",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the \"SIP Packet Parsing Arbitrary Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=20065",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=20065"
},
{
"name" : "20100324 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f32.shtml"
},
{
"name" : "1023744",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023744"
},
{
"name" : "39068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39068"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the \"SIP Packet Parsing Arbitrary Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1023744",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023744"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=20065",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=20065"
},
{
"name": "39068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39068"
},
{
"name": "20100324 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f32.shtml"
}
]
}
}

148
2010/2xxx/CVE-2010-2263.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2263",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "13822",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/13822"
},
{
"name" : "13818",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/13818"
},
{
"name" : "http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html",
"refsource" : "MISC",
"url" : "http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html"
},
{
"name" : "40760",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40760"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13818",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13818"
},
{
"name": "http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html",
"refsource": "MISC",
"url": "http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html"
},
{
"name": "13822",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13822"
},
{
"name": "40760",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40760"
}
]
}
}

178
2010/2xxx/CVE-2010-2583.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2583",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-2583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101029 Secunia Research: SonicWALL SSL-VPN End-Point ActiveX Control Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514561/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2010-117/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2010-117/"
},
{
"name" : "http://software.sonicwall.com/Aventail/KB/hotfix/10.0.5/clt-hotfix-10_0_5-003.txt",
"refsource" : "CONFIRM",
"url" : "http://software.sonicwall.com/Aventail/KB/hotfix/10.0.5/clt-hotfix-10_0_5-003.txt"
},
{
"name" : "44535",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44535"
},
{
"name" : "1024666",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024666"
},
{
"name" : "41644",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41644"
},
{
"name" : "sonicwall-activex-bo(62865)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62865"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024666",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024666"
},
{
"name": "http://secunia.com/secunia_research/2010-117/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-117/"
},
{
"name": "20101029 Secunia Research: SonicWALL SSL-VPN End-Point ActiveX Control Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514561/100/0/threaded"
},
{
"name": "41644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41644"
},
{
"name": "sonicwall-activex-bo(62865)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62865"
},
{
"name": "http://software.sonicwall.com/Aventail/KB/hotfix/10.0.5/clt-hotfix-10_0_5-003.txt",
"refsource": "CONFIRM",
"url": "http://software.sonicwall.com/Aventail/KB/hotfix/10.0.5/clt-hotfix-10_0_5-003.txt"
},
{
"name": "44535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44535"
}
]
}
}

168
2010/3xxx/CVE-2010-3002.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3002",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://service.real.com/realplayer/security/08262010_player/en/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/realplayer/security/08262010_player/en/"
},
{
"name" : "oval:org.mitre.oval:def:7227",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7227"
},
{
"name" : "1024370",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024370"
},
{
"name" : "41154",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41154"
},
{
"name" : "ADV-2010-2216",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2216"
},
{
"name" : "realplayer-activex-unauth-access(61426)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61426"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2216",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2216"
},
{
"name": "http://service.real.com/realplayer/security/08262010_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/08262010_player/en/"
},
{
"name": "realplayer-activex-unauth-access(61426)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61426"
},
{
"name": "1024370",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024370"
},
{
"name": "41154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41154"
},
{
"name": "oval:org.mitre.oval:def:7227",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7227"
}
]
}
}

138
2010/3xxx/CVE-2010-3196.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3196",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21432298",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
},
{
"name" : "IC67008",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67008"
},
{
"name" : "oval:org.mitre.oval:def:14472",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14472"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
},
{
"name": "IC67008",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67008"
},
{
"name": "oval:org.mitre.oval:def:14472",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14472"
}
]
}
}

128
2010/3xxx/CVE-2010-3536.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3536",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-3536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name" : "TA10-287A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}

258
2010/4xxx/CVE-2010-4651.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4651",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[bug-patch] 20101230 Directory traversal vulnerability in patch (or dpkg-source) (fwd)",
"refsource" : "MLIST",
"url" : "http://lists.gnu.org/archive/html/bug-patch/2010-12/msg00000.html"
},
{
"name" : "[oss-security] 20110105 CVE request: patch directory traversal flaw",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/01/05/10"
},
{
"name" : "[oss-security] 20110106 Re: CVE request: patch directory traversal flaw",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/01/06/20"
},
{
"name" : "[oss-security] 20110106 Re: CVE request: patch directory traversal flaw",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/01/06/21"
},
{
"name" : "[oss-security] 20110106 Re: CVE request: patch directory traversal flaw",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/01/06/19"
},
{
"name" : "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=667529",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=667529"
},
{
"name" : "http://support.apple.com/kb/HT4723",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4723"
},
{
"name" : "APPLE-SA-2011-06-23-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
},
{
"name" : "FEDORA-2011-1269",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055246.html"
},
{
"name" : "FEDORA-2011-1272",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055241.html"
},
{
"name" : "46768",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46768"
},
{
"name" : "43663",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43663"
},
{
"name" : "43677",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43677"
},
{
"name" : "ADV-2011-0600",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0600"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0600",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0600"
},
{
"name": "http://support.apple.com/kb/HT4723",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4723"
},
{
"name": "[oss-security] 20110106 Re: CVE request: patch directory traversal flaw",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/06/20"
},
{
"name": "46768",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46768"
},
{
"name": "APPLE-SA-2011-06-23-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
},
{
"name": "[oss-security] 20110106 Re: CVE request: patch directory traversal flaw",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/06/21"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=667529",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=667529"
},
{
"name": "FEDORA-2011-1269",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055246.html"
},
{
"name": "[oss-security] 20110106 Re: CVE request: patch directory traversal flaw",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/06/19"
},
{
"name": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1"
},
{
"name": "43677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43677"
},
{
"name": "FEDORA-2011-1272",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055241.html"
},
{
"name": "[oss-security] 20110105 CVE request: patch directory traversal flaw",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/05/10"
},
{
"name": "[bug-patch] 20101230 Directory traversal vulnerability in patch (or dpkg-source) (fwd)",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/bug-patch/2010-12/msg00000.html"
},
{
"name": "43663",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43663"
}
]
}
}

138
2014/3xxx/CVE-2014-3135.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3135",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to privatemessage/new/, (2) the folderid parameter to a private message in privatemessage/view, (3) a fragment indicator to /help, or (4) the view parameter to a topic, as demonstrated by a request to forum/anunturi-importante/rst-power/67030-rst-admin-restore."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/126226/vBulletin-5.1-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/126226/vBulletin-5.1-Cross-Site-Scripting.html"
},
{
"name" : "66972",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66972"
},
{
"name" : "vbulletin-multiple-scripts-xss(92664)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92664"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to privatemessage/new/, (2) the folderid parameter to a private message in privatemessage/view, (3) a fragment indicator to /help, or (4) the view parameter to a topic, as demonstrated by a request to forum/anunturi-importante/rst-power/67030-rst-admin-restore."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/126226/vBulletin-5.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126226/vBulletin-5.1-Cross-Site-Scripting.html"
},
{
"name": "66972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66972"
},
{
"name": "vbulletin-multiple-scripts-xss(92664)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92664"
}
]
}
}

120
2014/3xxx/CVE-2014-3626.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2017-05-25T00:00:00",
"ID" : "CVE-2014-3626",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Grails by Pivotal",
"version" : {
"version_data" : [
{
"version_value" : "Resources plugin versions 1.2.0 - 1.2.12. Earlier versions may also be affected but were not assessed"
}
]
}
}
]
},
"vendor_name" : "Dell EMC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did not step outside the appropriate root directory (e.g. the web application root), decoded the URI and checked that this did not introduce additional /../ (and similar) sequences. A bug was introduced where the Grails Resource Plugin before 1.2.13 returned the decoded version of the URI rather than the normalized version of the URI after the directory traversal check. This exposed a double decoding vulnerability. To address this issue, the Grails Resource Plugin now repeatedly decodes the URI up to three times or until decoding no longer changes the URI. If the decode limit of 3 is exceeded the URI is rejected. A side-effect of this is that the Grails Resource Plugin is unable to serve a resource that includes a '%' character in the full path to the resource. Not all environments are vulnerable because of the differences in URL resolving in different servlet containers. Applications deployed to Tomcat 8 and Jetty 9 were found not not be vulnerable, however applications deployed to JBoss EAP 6.3 / JBoss AS 7.4 and JBoss AS 7.1 were found to be vulnerable (other JBoss versions weren't tested). In certain cases JBoss returns JBoss specific vfs protocol urls from URL resolution methods (ClassLoader.getResources). The JBoss vfs URL protocol supports resolving any file on the filesystem. This made the directory traversal possible. There may be other containers, in addition to JBoss, on which this vulnerability is exposed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory Traversal"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2017-05-25T00:00:00",
"ID": "CVE-2014-3626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Grails by Pivotal",
"version": {
"version_data": [
{
"version_value": "Resources plugin versions 1.2.0 - 1.2.12. Earlier versions may also be affected but were not assessed"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pivotal.io/security/cve-2014-3626",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2014-3626"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did not step outside the appropriate root directory (e.g. the web application root), decoded the URI and checked that this did not introduce additional /../ (and similar) sequences. A bug was introduced where the Grails Resource Plugin before 1.2.13 returned the decoded version of the URI rather than the normalized version of the URI after the directory traversal check. This exposed a double decoding vulnerability. To address this issue, the Grails Resource Plugin now repeatedly decodes the URI up to three times or until decoding no longer changes the URI. If the decode limit of 3 is exceeded the URI is rejected. A side-effect of this is that the Grails Resource Plugin is unable to serve a resource that includes a '%' character in the full path to the resource. Not all environments are vulnerable because of the differences in URL resolving in different servlet containers. Applications deployed to Tomcat 8 and Jetty 9 were found not not be vulnerable, however applications deployed to JBoss EAP 6.3 / JBoss AS 7.4 and JBoss AS 7.1 were found to be vulnerable (other JBoss versions weren't tested). In certain cases JBoss returns JBoss specific vfs protocol urls from URL resolution methods (ClassLoader.getResources). The JBoss vfs URL protocol supports resolving any file on the filesystem. This made the directory traversal possible. There may be other containers, in addition to JBoss, on which this vulnerability is exposed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2014-3626",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2014-3626"
}
]
}
}

138
2014/4xxx/CVE-2014-4060.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4060",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to execute arbitrary code via a crafted Office document that triggers deletion of a CSyncBasePlayer object, aka \"CSyncBasePlayer Use After Free Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-4060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-043",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-043"
},
{
"name" : "69093",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69093"
},
{
"name" : "60671",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60671"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to execute arbitrary code via a crafted Office document that triggers deletion of a CSyncBasePlayer object, aka \"CSyncBasePlayer Use After Free Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-043",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-043"
},
{
"name": "69093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69093"
},
{
"name": "60671",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60671"
}
]
}
}

32
2014/4xxx/CVE-2014-4147.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4147",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-4147",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

128
2014/4xxx/CVE-2014-4503.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4503",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140722 CVE-2014-4503 : Invalid Parameters in mining.notify Stratum Message Leads to Denial of Service",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jul/120"
},
{
"name" : "https://github.com/sgminer-dev/sgminer/commit/910c36089940e81fb85c65b8e63dcd2fac71470c",
"refsource" : "CONFIRM",
"url" : "https://github.com/sgminer-dev/sgminer/commit/910c36089940e81fb85c65b8e63dcd2fac71470c"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140722 CVE-2014-4503 : Invalid Parameters in mining.notify Stratum Message Leads to Denial of Service",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/120"
},
{
"name": "https://github.com/sgminer-dev/sgminer/commit/910c36089940e81fb85c65b8e63dcd2fac71470c",
"refsource": "CONFIRM",
"url": "https://github.com/sgminer-dev/sgminer/commit/910c36089940e81fb85c65b8e63dcd2fac71470c"
}
]
}
}

32
2014/4xxx/CVE-2014-4544.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4544",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4544",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

138
2014/4xxx/CVE-2014-4789.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4789",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack web sessions via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682450",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name" : "60996",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60996"
},
{
"name" : "ibm-imds-cve20144789-fixation(95059)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95059"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack web sessions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60996"
},
{
"name": "ibm-imds-cve20144789-fixation(95059)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95059"
}
]
}
}

158
2014/8xxx/CVE-2014-8149.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8149",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150122 Defense4all security advisory: CVE-2014-8149 users can export report data to an arbitrary file on the server's filesystem",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/01/22/1"
},
{
"name" : "https://git.opendaylight.org/gerrit/#/c/13972/",
"refsource" : "CONFIRM",
"url" : "https://git.opendaylight.org/gerrit/#/c/13972/"
},
{
"name" : "https://git.opendaylight.org/gerrit/#/c/14088/",
"refsource" : "CONFIRM",
"url" : "https://git.opendaylight.org/gerrit/#/c/14088/"
},
{
"name" : "https://wiki.opendaylight.org/view/Security_Advisories",
"refsource" : "CONFIRM",
"url" : "https://wiki.opendaylight.org/view/Security_Advisories"
},
{
"name" : "72280",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72280"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72280",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72280"
},
{
"name": "https://git.opendaylight.org/gerrit/#/c/14088/",
"refsource": "CONFIRM",
"url": "https://git.opendaylight.org/gerrit/#/c/14088/"
},
{
"name": "https://git.opendaylight.org/gerrit/#/c/13972/",
"refsource": "CONFIRM",
"url": "https://git.opendaylight.org/gerrit/#/c/13972/"
},
{
"name": "https://wiki.opendaylight.org/view/Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.opendaylight.org/view/Security_Advisories"
},
{
"name": "[oss-security] 20150122 Defense4all security advisory: CVE-2014-8149 users can export report data to an arbitrary file on the server's filesystem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/22/1"
}
]
}
}

118
2014/8xxx/CVE-2014-8243.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8243",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain the administrator's MD5 password hash via a direct request for the /.htpasswd URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-8243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#447516",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/447516"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain the administrator's MD5 password hash via a direct request for the /.htpasswd URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#447516",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/447516"
}
]
}
}

138
2014/8xxx/CVE-2014-8386.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8386",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter in a GNI file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "35503",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35503"
},
{
"name" : "20141119 [CORE-2014-0008] - Advantech AdamView Buffer Overflow",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Nov/57"
},
{
"name" : "http://www.coresecurity.com/advisories/advantech-adamView-buffer-overflow",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/advisories/advantech-adamView-buffer-overflow"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter in a GNI file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141119 [CORE-2014-0008] - Advantech AdamView Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/57"
},
{
"name": "35503",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35503"
},
{
"name": "http://www.coresecurity.com/advisories/advantech-adamView-buffer-overflow",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/advantech-adamView-buffer-overflow"
}
]
}
}

288
2014/8xxx/CVE-2014-8504.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8504",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141027 Re: Re: strings / libbfd crasher",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/10/27/5"
},
{
"name" : "[oss-security] 20141027 Re: Re: strings / libbfd crasher",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/10/27/4"
},
{
"name" : "[oss-security] 20141031 Re: strings / libbfd crasher",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/10/31/1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1162621",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1162621"
},
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=17510",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=17510"
},
{
"name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d776171979aa3479e8e12a38a0",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d776171979aa3479e8e12a38a0"
},
{
"name" : "FEDORA-2014-14838",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html"
},
{
"name" : "FEDORA-2014-14963",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html"
},
{
"name" : "FEDORA-2014-14995",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html"
},
{
"name" : "FEDORA-2014-17586",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html"
},
{
"name" : "FEDORA-2014-17603",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html"
},
{
"name" : "FEDORA-2015-0471",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html"
},
{
"name" : "GLSA-201612-24",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-24"
},
{
"name" : "MDVSA-2015:029",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029"
},
{
"name" : "USN-2496-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2496-1"
},
{
"name" : "70761",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70761"
},
{
"name" : "62241",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62241"
},
{
"name" : "62746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62746"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1162621",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1162621"
},
{
"name": "62241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62241"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=17510",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17510"
},
{
"name": "MDVSA-2015:029",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029"
},
{
"name": "USN-2496-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2496-1"
},
{
"name": "FEDORA-2014-14995",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html"
},
{
"name": "[oss-security] 20141027 Re: Re: strings / libbfd crasher",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/27/5"
},
{
"name": "FEDORA-2014-17603",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html"
},
{
"name": "FEDORA-2014-14963",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html"
},
{
"name": "FEDORA-2015-0471",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html"
},
{
"name": "62746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62746"
},
{
"name": "[oss-security] 20141027 Re: Re: strings / libbfd crasher",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/27/4"
},
{
"name": "[oss-security] 20141031 Re: strings / libbfd crasher",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/31/1"
},
{
"name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d776171979aa3479e8e12a38a0",
"refsource": "CONFIRM",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d776171979aa3479e8e12a38a0"
},
{
"name": "FEDORA-2014-14838",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html"
},
{
"name": "FEDORA-2014-17586",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html"
},
{
"name": "70761",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70761"
},
{
"name": "GLSA-201612-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-24"
}
]
}
}

178
2014/8xxx/CVE-2014-8917.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8917",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-8917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21694693",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21694693"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696013",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696013"
},
{
"name" : "72903",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72903"
},
{
"name" : "1032376",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032376"
},
{
"name" : "62590",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62590"
},
{
"name" : "62837",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62837"
},
{
"name" : "ibm-dojo-cve20148917-xss(99303)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99303"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62590"
},
{
"name": "ibm-dojo-cve20148917-xss(99303)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99303"
},
{
"name": "62837",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62837"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21696013",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696013"
},
{
"name": "1032376",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032376"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694693",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694693"
},
{
"name": "72903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72903"
}
]
}
}

128
2014/9xxx/CVE-2014-9249.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9249",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-9249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing",
"refsource" : "CONFIRM",
"url" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"
},
{
"name" : "VU#449452",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/449452"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#449452",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/449452"
},
{
"name": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing",
"refsource": "CONFIRM",
"url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"
}
]
}
}

32
2014/9xxx/CVE-2014-9314.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9314",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9314",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2014/9xxx/CVE-2014-9426.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9426",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.php.net/?p=php-src.git;a=commit;h=a72cd07f2983dc43a6bb35209dc4687852e53c09",
"refsource" : "CONFIRM",
"url" : "http://git.php.net/?p=php-src.git;a=commit;h=a72cd07f2983dc43a6bb35209dc4687852e53c09"
},
{
"name" : "http://git.php.net/?p=php-src.git;a=commit;h=ef89ab2f99fbd9b7b714556d4f1f50644eb54191",
"refsource" : "CONFIRM",
"url" : "http://git.php.net/?p=php-src.git;a=commit;h=ef89ab2f99fbd9b7b714556d4f1f50644eb54191"
},
{
"name" : "https://bugs.php.net/bug.php?id=68665",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=68665"
},
{
"name" : "openSUSE-SU-2015:0325",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=a72cd07f2983dc43a6bb35209dc4687852e53c09",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=a72cd07f2983dc43a6bb35209dc4687852e53c09"
},
{
"name": "openSUSE-SU-2015:0325",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html"
},
{
"name": "https://bugs.php.net/bug.php?id=68665",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=68665"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=ef89ab2f99fbd9b7b714556d4f1f50644eb54191",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=ef89ab2f99fbd9b7b714556d4f1f50644eb54191"
}
]
}
}

158
2014/9xxx/CVE-2014-9597.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9597",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150116 VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jan/72"
},
{
"name" : "http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html",
"refsource" : "MISC",
"url" : "http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html"
},
{
"name" : "https://trac.videolan.org/vlc/attachment/ticket/13389/windbglog.txt",
"refsource" : "MISC",
"url" : "https://trac.videolan.org/vlc/attachment/ticket/13389/windbglog.txt"
},
{
"name" : "https://trac.videolan.org/vlc/ticket/13389",
"refsource" : "MISC",
"url" : "https://trac.videolan.org/vlc/ticket/13389"
},
{
"name" : "GLSA-201603-08",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-08"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html",
"refsource": "MISC",
"url": "http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html"
},
{
"name": "20150116 VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/72"
},
{
"name": "GLSA-201603-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-08"
},
{
"name": "https://trac.videolan.org/vlc/ticket/13389",
"refsource": "MISC",
"url": "https://trac.videolan.org/vlc/ticket/13389"
},
{
"name": "https://trac.videolan.org/vlc/attachment/ticket/13389/windbglog.txt",
"refsource": "MISC",
"url": "https://trac.videolan.org/vlc/attachment/ticket/13389/windbglog.txt"
}
]
}
}

128
2016/2xxx/CVE-2016-2025.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2025",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149290",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149290"
},
{
"name" : "1035954",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035954"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149290",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149290"
},
{
"name": "1035954",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035954"
}
]
}
}

138
2016/2xxx/CVE-2016-2416.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2416",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via a dump request, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27046057."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-2416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-04-02.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-04-02.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/native/+/85d253fab5e2c01bd90990667c6de25c282fc5cd",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/native/+/85d253fab5e2c01bd90990667c6de25c282fc5cd"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/native/+/a40b30f5c43726120bfe69d41ff5aeb31fe1d02a",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/native/+/a40b30f5c43726120bfe69d41ff5aeb31fe1d02a"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via a dump request, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27046057."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/frameworks/native/+/a40b30f5c43726120bfe69d41ff5aeb31fe1d02a",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/native/+/a40b30f5c43726120bfe69d41ff5aeb31fe1d02a"
},
{
"name": "https://android.googlesource.com/platform/frameworks/native/+/85d253fab5e2c01bd90990667c6de25c282fc5cd",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/native/+/85d253fab5e2c01bd90990667c6de25c282fc5cd"
},
{
"name": "http://source.android.com/security/bulletin/2016-04-02.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-04-02.html"
}
]
}
}

138
2016/2xxx/CVE-2016-2935.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2935",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991955",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991955"
},
{
"name" : "IV89745",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89745"
},
{
"name" : "94989",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94989"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV89745",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89745"
},
{
"name": "94989",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94989"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991955",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991955"
}
]
}
}

32
2016/3xxx/CVE-2016-3026.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3026",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3026",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

358
2016/3xxx/CVE-2016-3115.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3115",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "39569",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39569/"
},
{
"name" : "20160314 CVE-2016-3115 - OpenSSH <=7.2p1 xauth injection",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Mar/46"
},
{
"name" : "20160314 CVE-2016-3116 - Dropbear SSH xauth injection",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Mar/47"
},
{
"name" : "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name" : "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"
},
{
"name" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115",
"refsource" : "MISC",
"url" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"
},
{
"name" : "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c",
"refsource" : "CONFIRM",
"url" : "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"
},
{
"name" : "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h",
"refsource" : "CONFIRM",
"url" : "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h"
},
{
"name" : "http://www.openssh.com/txt/x11fwd.adv",
"refsource" : "CONFIRM",
"url" : "http://www.openssh.com/txt/x11fwd.adv"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name" : "https://bto.bluecoat.com/security-advisory/sa121",
"refsource" : "CONFIRM",
"url" : "https://bto.bluecoat.com/security-advisory/sa121"
},
{
"name" : "FEDORA-2016-08e5803496",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"
},
{
"name" : "FEDORA-2016-0bcab055a7",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"
},
{
"name" : "FEDORA-2016-d339d610c1",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"
},
{
"name" : "FEDORA-2016-188267b485",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"
},
{
"name" : "FEDORA-2016-fc1cc33e05",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"
},
{
"name" : "FEDORA-2016-bb59db3c86",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"
},
{
"name" : "FreeBSD-SA-16:14",
"refsource" : "FREEBSD",
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"
},
{
"name" : "GLSA-201612-18",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-18"
},
{
"name" : "RHSA-2016:0466",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0466.html"
},
{
"name" : "RHSA-2016:0465",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0465.html"
},
{
"name" : "84314",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84314"
},
{
"name" : "1035249",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035249"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openssh.com/txt/x11fwd.adv",
"refsource": "CONFIRM",
"url": "http://www.openssh.com/txt/x11fwd.adv"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115",
"refsource": "MISC",
"url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"
},
{
"name": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"
},
{
"name": "FreeBSD-SA-16:14",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "39569",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39569/"
},
{
"name": "RHSA-2016:0466",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"
},
{
"name": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c",
"refsource": "CONFIRM",
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"
},
{
"name": "1035249",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035249"
},
{
"name": "FEDORA-2016-fc1cc33e05",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h",
"refsource": "CONFIRM",
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h"
},
{
"name": "FEDORA-2016-d339d610c1",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa121",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa121"
},
{
"name": "GLSA-201612-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-18"
},
{
"name": "84314",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84314"
},
{
"name": "FEDORA-2016-0bcab055a7",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name": "FEDORA-2016-08e5803496",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"
},
{
"name": "20160314 CVE-2016-3116 - Dropbear SSH xauth injection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Mar/47"
},
{
"name": "RHSA-2016:0465",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"
},
{
"name": "FEDORA-2016-188267b485",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"
},
{
"name": "20160314 CVE-2016-3115 - OpenSSH <=7.2p1 xauth injection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Mar/46"
},
{
"name": "FEDORA-2016-bb59db3c86",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"
}
]
}
}

308
2016/3xxx/CVE-2016-3715.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3715",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160513 May 2016 - HipChat Server - Critical Security Advisory",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
},
{
"name" : "39767",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39767/"
},
{
"name" : "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/05/03/18"
},
{
"name" : "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
},
{
"name" : "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588",
"refsource" : "CONFIRM",
"url" : "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"
},
{
"name" : "https://www.imagemagick.org/script/changelog.php",
"refsource" : "CONFIRM",
"url" : "https://www.imagemagick.org/script/changelog.php"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name" : "DSA-3580",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3580"
},
{
"name" : "DSA-3746",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3746"
},
{
"name" : "GLSA-201611-21",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201611-21"
},
{
"name" : "RHSA-2016:0726",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
},
{
"name" : "SSA:2016-132-01",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"
},
{
"name" : "SUSE-SU-2016:1260",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
},
{
"name" : "openSUSE-SU-2016:1261",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
},
{
"name" : "openSUSE-SU-2016:1266",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
},
{
"name" : "SUSE-SU-2016:1275",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
},
{
"name" : "openSUSE-SU-2016:1326",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
},
{
"name" : "USN-2990-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2990-1"
},
{
"name" : "89852",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/89852"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog",
"refsource": "CONFIRM",
"url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
},
{
"name": "openSUSE-SU-2016:1266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588",
"refsource": "CONFIRM",
"url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"
},
{
"name": "openSUSE-SU-2016:1326",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
},
{
"name": "USN-2990-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2990-1"
},
{
"name": "openSUSE-SU-2016:1261",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
},
{
"name": "20160513 May 2016 - HipChat Server - Critical Security Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
},
{
"name": "39767",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39767/"
},
{
"name": "SUSE-SU-2016:1260",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
},
{
"name": "DSA-3746",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3746"
},
{
"name": "GLSA-201611-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-21"
},
{
"name": "SUSE-SU-2016:1275",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
},
{
"name": "SSA:2016-132-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"
},
{
"name": "https://www.imagemagick.org/script/changelog.php",
"refsource": "CONFIRM",
"url": "https://www.imagemagick.org/script/changelog.php"
},
{
"name": "DSA-3580",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3580"
},
{
"name": "RHSA-2016:0726",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
},
{
"name": "89852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89852"
}
]
}
}

32
2016/6xxx/CVE-2016-6008.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6008",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6008",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

198
2016/6xxx/CVE-2016-6905.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6905",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160822 Re: CVE Request: libgd: Out-Of-Bounds Read in function read_image_tga of gd_tga.c",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/08/23/1"
},
{
"name" : "https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03",
"refsource" : "CONFIRM",
"url" : "https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03"
},
{
"name" : "https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186",
"refsource" : "CONFIRM",
"url" : "https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186"
},
{
"name" : "https://github.com/libgd/libgd/issues/248",
"refsource" : "CONFIRM",
"url" : "https://github.com/libgd/libgd/issues/248"
},
{
"name" : "https://github.com/libgd/libgd/pull/251",
"refsource" : "CONFIRM",
"url" : "https://github.com/libgd/libgd/pull/251"
},
{
"name" : "http://libgd.github.io/release-2.2.3.html",
"refsource" : "CONFIRM",
"url" : "http://libgd.github.io/release-2.2.3.html"
},
{
"name" : "openSUSE-SU-2016:2203",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00121.html"
},
{
"name" : "openSUSE-SU-2016:2363",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
},
{
"name" : "91743",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91743"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:2363",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
},
{
"name": "91743",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91743"
},
{
"name": "http://libgd.github.io/release-2.2.3.html",
"refsource": "CONFIRM",
"url": "http://libgd.github.io/release-2.2.3.html"
},
{
"name": "openSUSE-SU-2016:2203",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00121.html"
},
{
"name": "https://github.com/libgd/libgd/issues/248",
"refsource": "CONFIRM",
"url": "https://github.com/libgd/libgd/issues/248"
},
{
"name": "https://github.com/libgd/libgd/pull/251",
"refsource": "CONFIRM",
"url": "https://github.com/libgd/libgd/pull/251"
},
{
"name": "https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186",
"refsource": "CONFIRM",
"url": "https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186"
},
{
"name": "https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03",
"refsource": "CONFIRM",
"url": "https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03"
},
{
"name": "[oss-security] 20160822 Re: CVE Request: libgd: Out-Of-Bounds Read in function read_image_tga of gd_tga.c",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/23/1"
}
]
}
}

138
2016/7xxx/CVE-2016-7012.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7012",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-7012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name" : "93496",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93496"
},
{
"name" : "1036986",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036986"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036986"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name": "93496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93496"
}
]
}
}

32
2016/7xxx/CVE-2016-7319.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7319",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7319",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

168
2016/7xxx/CVE-2016-7537.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7537",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-7537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/22/2"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1553366",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1553366"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378773",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378773"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/143",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/143"
},
{
"name" : "93131",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93131"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f"
},
{
"name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/22/2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378773",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378773"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1553366",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1553366"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/143",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/143"
},
{
"name": "93131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93131"
}
]
}
}

128
2016/7xxx/CVE-2016-7841.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2016-7841",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Olive Diary DX",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "Olive Design"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Olive Diary DX",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Olive Design"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#71538099",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN71538099/index.html"
},
{
"name" : "95314",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95314"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95314",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95314"
},
{
"name": "JVN#71538099",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN71538099/index.html"
}
]
}
}

168
2016/7xxx/CVE-2016-7930.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7930",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print()."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html",
"refsource" : "CONFIRM",
"url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html"
},
{
"name" : "DSA-3775",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3775"
},
{
"name" : "GLSA-201702-30",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-30"
},
{
"name" : "RHSA-2017:1871",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1871"
},
{
"name" : "95852",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95852"
},
{
"name" : "1037755",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037755"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037755",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037755"
},
{
"name": "DSA-3775",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3775"
},
{
"name": "RHSA-2017:1871",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1871"
},
{
"name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html",
"refsource": "CONFIRM",
"url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html"
},
{
"name": "95852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95852"
},
{
"name": "GLSA-201702-30",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-30"
}
]
}
}