admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:48:39 +00:00
parent ed35ea79fd
commit eadb0f5b71
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 4206 additions and 4206 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

240
2006/1xxx/CVE-2006-1060.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1060",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might allow user-assisted attackers to execute arbitrary code via a JPEG image with more than 3 output components, such as a CMYK or YCCK color space, which causes less memory to be allocated than required."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-1060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-1037",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1037"
},
{
"name" : "DSA-1038",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1038"
},
{
"name" : "SUSE-SR:2006:008",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_08_sr.html"
},
{
"name" : "17409",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17409"
},
{
"name" : "ADV-2006-1288",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1288"
},
{
"name" : "19572",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19572"
},
{
"name" : "19571",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19571"
},
{
"name" : "19731",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19731"
},
{
"name" : "19757",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19757"
},
{
"name" : "19779",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19779"
},
{
"name" : "19790",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19790"
},
{
"name" : "756",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/756"
},
{
"name" : "xzgv-jpeg-bo(25718)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25718"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might allow user-assisted attackers to execute arbitrary code via a JPEG image with more than 3 output components, such as a CMYK or YCCK color space, which causes less memory to be allocated than required."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17409",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17409"
},
{
"name": "19572",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19572"
},
{
"name": "19779",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19779"
},
{
"name": "19790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19790"
},
{
"name": "ADV-2006-1288",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1288"
},
{
"name": "19757",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19757"
},
{
"name": "SUSE-SR:2006:008",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_08_sr.html"
},
{
"name": "xzgv-jpeg-bo(25718)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25718"
},
{
"name": "DSA-1037",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1037"
},
{
"name": "19731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19731"
},
{
"name": "756",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/756"
},
{
"name": "19571",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19571"
},
{
"name": "DSA-1038",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1038"
}
]
}
}

200
2006/1xxx/CVE-2006-1779.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1779",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060412 Simplog <=0.9.2 multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"name" : "1663",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1663"
},
{
"name" : "http://retrogod.altervista.org/simplog_092_incl_xpl.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"name" : "17493",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17493"
},
{
"name" : "ADV-2006-1332",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1332"
},
{
"name" : "24562",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24562"
},
{
"name" : "1015904",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015904"
},
{
"name" : "19628",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19628"
},
{
"name" : "simplog-login-xss(25778)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25778"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19628"
},
{
"name": "1015904",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015904"
},
{
"name": "17493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17493"
},
{
"name": "simplog-login-xss(25778)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25778"
},
{
"name": "1663",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1663"
},
{
"name": "20060412 Simplog <=0.9.2 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"name": "http://retrogod.altervista.org/simplog_092_incl_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"name": "ADV-2006-1332",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1332"
},
{
"name": "24562",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24562"
}
]
}
}

230
2006/5xxx/CVE-2006-5559.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5559",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx",
"refsource" : "MISC",
"url" : "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx"
},
{
"name" : "http://research.eeye.com/html/alerts/zeroday/20061027.html",
"refsource" : "MISC",
"url" : "http://research.eeye.com/html/alerts/zeroday/20061027.html"
},
{
"name" : "MS07-009",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009"
},
{
"name" : "TA07-044A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name" : "VU#589272",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/589272"
},
{
"name" : "20704",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20704"
},
{
"name" : "ADV-2007-0578",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0578"
},
{
"name" : "31882",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/31882"
},
{
"name" : "oval:org.mitre.oval:def:214",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214"
},
{
"name" : "1017127",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017127"
},
{
"name" : "22452",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22452"
},
{
"name" : "ie-adodbconnection-Code-Execution(29837)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29837"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017127",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017127"
},
{
"name": "MS07-009",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009"
},
{
"name": "20704",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20704"
},
{
"name": "oval:org.mitre.oval:def:214",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214"
},
{
"name": "22452",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22452"
},
{
"name": "TA07-044A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
},
{
"name": "http://research.eeye.com/html/alerts/zeroday/20061027.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/alerts/zeroday/20061027.html"
},
{
"name": "VU#589272",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/589272"
},
{
"name": "ie-adodbconnection-Code-Execution(29837)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29837"
},
{
"name": "31882",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31882"
},
{
"name": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx"
},
{
"name": "ADV-2007-0578",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0578"
}
]
}
}

160
2006/5xxx/CVE-2006-5597.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5597",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "join.asp in MiniHTTP Web Forum & File Server PowerPack 4.0 allows remote attackers to add or modify arbitrary user accounts via modified (1) frmMailBox and (2) frmUserPass parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2651",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2651"
},
{
"name" : "20743",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20743"
},
{
"name" : "ADV-2006-4217",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4217"
},
{
"name" : "22568",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22568"
},
{
"name" : "minihttp-join-security-bypass(29826)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29826"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "join.asp in MiniHTTP Web Forum & File Server PowerPack 4.0 allows remote attackers to add or modify arbitrary user accounts via modified (1) frmMailBox and (2) frmUserPass parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22568"
},
{
"name": "2651",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2651"
},
{
"name": "20743",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20743"
},
{
"name": "minihttp-join-security-bypass(29826)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29826"
},
{
"name": "ADV-2006-4217",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4217"
}
]
}
}

160
2007/2xxx/CVE-2007-2542.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2542",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3848",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3848"
},
{
"name" : "23821",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23821"
},
{
"name" : "ADV-2007-1667",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1667"
},
{
"name" : "37682",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37682"
},
{
"name" : "workbench-header-file-include(34071)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34071"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37682",
"refsource": "OSVDB",
"url": "http://osvdb.org/37682"
},
{
"name": "23821",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23821"
},
{
"name": "workbench-header-file-include(34071)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34071"
},
{
"name": "3848",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3848"
},
{
"name": "ADV-2007-1667",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1667"
}
]
}
}

170
2007/3xxx/CVE-2007-3556.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3556",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Liesbeth base CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an include file containing account credentials via a direct request for config.inc."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070703 Moodle XSS / Liesbeth base CMS sensitive information disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/472727/100/0/threaded"
},
{
"name" : "http://securityvulns.ru/Rdocument392.html",
"refsource" : "MISC",
"url" : "http://securityvulns.ru/Rdocument392.html"
},
{
"name" : "24749",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24749"
},
{
"name" : "45744",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/45744"
},
{
"name" : "2857",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2857"
},
{
"name" : "liesbethcms-config-information-disclosure(35243)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35243"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Liesbeth base CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an include file containing account credentials via a direct request for config.inc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "liesbethcms-config-information-disclosure(35243)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35243"
},
{
"name": "45744",
"refsource": "OSVDB",
"url": "http://osvdb.org/45744"
},
{
"name": "http://securityvulns.ru/Rdocument392.html",
"refsource": "MISC",
"url": "http://securityvulns.ru/Rdocument392.html"
},
{
"name": "20070703 Moodle XSS / Liesbeth base CMS sensitive information disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472727/100/0/threaded"
},
{
"name": "2857",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2857"
},
{
"name": "24749",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24749"
}
]
}
}

270
2007/6xxx/CVE-2007-6166.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6166",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4648",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4648"
},
{
"name" : "6013",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6013"
},
{
"name" : "http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control",
"refsource" : "MISC",
"url" : "http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=307176",
"refsource" : "MISC",
"url" : "http://docs.info.apple.com/article.html?artnum=307176"
},
{
"name" : "APPLE-SA-2007-12-13",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html"
},
{
"name" : "GLSA-200803-08",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200803-08.xml"
},
{
"name" : "TA07-334A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-334A.html"
},
{
"name" : "VU#659761",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/659761"
},
{
"name" : "26549",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26549"
},
{
"name" : "26560",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26560"
},
{
"name" : "ADV-2007-3984",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3984"
},
{
"name" : "1018989",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018989"
},
{
"name" : "27755",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27755"
},
{
"name" : "29182",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29182"
},
{
"name" : "3410",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3410"
},
{
"name" : "quicktime-rtsp-contenttype-bo(38604)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38604"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26549"
},
{
"name": "http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control",
"refsource": "MISC",
"url": "http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control"
},
{
"name": "3410",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3410"
},
{
"name": "4648",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4648"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307176",
"refsource": "MISC",
"url": "http://docs.info.apple.com/article.html?artnum=307176"
},
{
"name": "APPLE-SA-2007-12-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html"
},
{
"name": "GLSA-200803-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
},
{
"name": "26560",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26560"
},
{
"name": "TA07-334A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-334A.html"
},
{
"name": "VU#659761",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/659761"
},
{
"name": "quicktime-rtsp-contenttype-bo(38604)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38604"
},
{
"name": "6013",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6013"
},
{
"name": "ADV-2007-3984",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3984"
},
{
"name": "27755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27755"
},
{
"name": "29182",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29182"
},
{
"name": "1018989",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018989"
}
]
}
}

290
2007/6xxx/CVE-2007-6353.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6353",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=202351",
"refsource" : "MISC",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=202351"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=425921",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=425921"
},
{
"name" : "DSA-1474",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1474"
},
{
"name" : "FEDORA-2007-4551",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00674.html"
},
{
"name" : "FEDORA-2007-4591",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00652.html"
},
{
"name" : "GLSA-200712-16",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200712-16.xml"
},
{
"name" : "MDVSA-2008:006",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:006"
},
{
"name" : "SUSE-SR:2008:001",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
},
{
"name" : "USN-655-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-655-1"
},
{
"name" : "26918",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26918"
},
{
"name" : "ADV-2007-4252",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4252"
},
{
"name" : "28132",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28132"
},
{
"name" : "28178",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28178"
},
{
"name" : "28267",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28267"
},
{
"name" : "28412",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28412"
},
{
"name" : "28610",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28610"
},
{
"name" : "32273",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32273"
},
{
"name" : "exiv2-setdataarea-bo(39118)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39118"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2008:006",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:006"
},
{
"name": "28412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28412"
},
{
"name": "28610",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28610"
},
{
"name": "USN-655-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-655-1"
},
{
"name": "ADV-2007-4252",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4252"
},
{
"name": "FEDORA-2007-4591",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00652.html"
},
{
"name": "28267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28267"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=202351",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=202351"
},
{
"name": "28132",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28132"
},
{
"name": "GLSA-200712-16",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200712-16.xml"
},
{
"name": "26918",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26918"
},
{
"name": "28178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28178"
},
{
"name": "DSA-1474",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1474"
},
{
"name": "exiv2-setdataarea-bo(39118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39118"
},
{
"name": "32273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32273"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=425921",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=425921"
},
{
"name": "FEDORA-2007-4551",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00674.html"
},
{
"name": "SUSE-SR:2008:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
]
}
}

140
2007/6xxx/CVE-2007-6475.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6475",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_sel parameter to (1) updater.php and (2) thumber.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4738",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4738"
},
{
"name" : "26936",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26936"
},
{
"name" : "gf3xplorer-langsel-file-include(39126)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39126"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_sel parameter to (1) updater.php and (2) thumber.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4738",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4738"
},
{
"name": "26936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26936"
},
{
"name": "gf3xplorer-langsel-file-include(39126)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39126"
}
]
}
}

420
2010/0xxx/CVE-2010-0159.json
View File

@ -1,212 +1,212 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0159",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-01.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-01.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=467005",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=467005"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=501934",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=501934"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=527567",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=527567"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=528134",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=528134"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=528300",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=528300"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=530880",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=530880"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=534082",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=534082"
},
{
"name" : "DSA-1999",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-1999"
},
{
"name" : "FEDORA-2010-1727",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html"
},
{
"name" : "FEDORA-2010-1932",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html"
},
{
"name" : "FEDORA-2010-1936",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html"
},
{
"name" : "FEDORA-2010-3230",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html"
},
{
"name" : "FEDORA-2010-3267",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html"
},
{
"name" : "MDVSA-2010:042",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:042"
},
{
"name" : "RHSA-2010:0112",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0112.html"
},
{
"name" : "RHSA-2010:0113",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0113.html"
},
{
"name" : "RHSA-2010:0153",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0153.html"
},
{
"name" : "RHSA-2010:0154",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0154.html"
},
{
"name" : "SUSE-SA:2010:015",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html"
},
{
"name" : "USN-895-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-895-1"
},
{
"name" : "USN-896-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-896-1"
},
{
"name" : "oval:org.mitre.oval:def:8485",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8485"
},
{
"name" : "oval:org.mitre.oval:def:9590",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9590"
},
{
"name" : "37242",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37242"
},
{
"name" : "38770",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38770"
},
{
"name" : "38772",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38772"
},
{
"name" : "38847",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38847"
},
{
"name" : "ADV-2010-0405",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0405"
},
{
"name" : "ADV-2010-0650",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0650"
},
{
"name" : "mozilla-browsereng-code-execution(56359)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56359"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-895-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-895-1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=534082",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=534082"
},
{
"name": "RHSA-2010:0153",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html"
},
{
"name": "oval:org.mitre.oval:def:9590",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9590"
},
{
"name": "38847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38847"
},
{
"name": "SUSE-SA:2010:015",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html"
},
{
"name": "RHSA-2010:0113",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0113.html"
},
{
"name": "MDVSA-2010:042",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:042"
},
{
"name": "FEDORA-2010-1936",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=530880",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=530880"
},
{
"name": "RHSA-2010:0112",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0112.html"
},
{
"name": "ADV-2010-0650",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0650"
},
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-01.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-01.html"
},
{
"name": "mozilla-browsereng-code-execution(56359)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56359"
},
{
"name": "FEDORA-2010-1932",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html"
},
{
"name": "38770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38770"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=467005",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=467005"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=528134",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=528134"
},
{
"name": "DSA-1999",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1999"
},
{
"name": "RHSA-2010:0154",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html"
},
{
"name": "FEDORA-2010-1727",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=527567",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=527567"
},
{
"name": "38772",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38772"
},
{
"name": "USN-896-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-896-1"
},
{
"name": "ADV-2010-0405",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0405"
},
{
"name": "37242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37242"
},
{
"name": "FEDORA-2010-3230",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=528300",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=528300"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=501934",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=501934"
},
{
"name": "FEDORA-2010-3267",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html"
},
{
"name": "oval:org.mitre.oval:def:8485",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8485"
}
]
}
}

34
2010/0xxx/CVE-2010-0413.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0413",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0413",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2010/0xxx/CVE-2010-0585.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0585",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz48614, the \"SCCP Packet Processing Denial of Service Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=20069",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=20069"
},
{
"name" : "20100324 Cisco Unified Communications Manager Express Denial of Service Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f33.shtml"
},
{
"name" : "39069",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39069"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz48614, the \"SCCP Packet Processing Denial of Service Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39069",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39069"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=20069",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=20069"
},
{
"name": "20100324 Cisco Unified Communications Manager Express Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f33.shtml"
}
]
}
}

150
2010/0xxx/CVE-2010-0977.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0977",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PD PORTAL 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1001-exploits/pdportal-disclose.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1001-exploits/pdportal-disclose.txt"
},
{
"name" : "10995",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10995"
},
{
"name" : "61468",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61468"
},
{
"name" : "38109",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38109"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PD PORTAL 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10995",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10995"
},
{
"name": "61468",
"refsource": "OSVDB",
"url": "http://osvdb.org/61468"
},
{
"name": "38109",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38109"
},
{
"name": "http://packetstormsecurity.org/1001-exploits/pdportal-disclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1001-exploits/pdportal-disclose.txt"
}
]
}
}

180
2010/1xxx/CVE-2010-1133.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1133",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases",
"refsource" : "CONFIRM",
"url" : "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases"
},
{
"name" : "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25424",
"refsource" : "CONFIRM",
"url" : "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25424"
},
{
"name" : "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25435",
"refsource" : "CONFIRM",
"url" : "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25435"
},
{
"name" : "38608",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38608"
},
{
"name" : "62800",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62800"
},
{
"name" : "38896",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38896"
},
{
"name" : "tikiwiki-unknown-input-sql-injection(56769)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56769"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38608",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38608"
},
{
"name": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases",
"refsource": "CONFIRM",
"url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases"
},
{
"name": "38896",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38896"
},
{
"name": "62800",
"refsource": "OSVDB",
"url": "http://osvdb.org/62800"
},
{
"name": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25435",
"refsource": "CONFIRM",
"url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25435"
},
{
"name": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25424",
"refsource": "CONFIRM",
"url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25424"
},
{
"name": "tikiwiki-unknown-input-sql-injection(56769)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56769"
}
]
}
}

710
2010/1xxx/CVE-2010-1321.json
View File

@ -1,357 +1,357 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1321",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100518 MITKRB5-SA-2010-005 [CVE-2010-1321] GSS-API lib null pointer deref",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511331/100/0/threaded"
},
{
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt",
"refsource" : "CONFIRM",
"url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100114315",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100114315"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name" : "DSA-2052",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2052"
},
{
"name" : "FEDORA-2010-8749",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html"
},
{
"name" : "FEDORA-2010-8796",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html"
},
{
"name" : "FEDORA-2010-8805",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html"
},
{
"name" : "HPSBUX02544",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427"
},
{
"name" : "SSRT100107",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427"
},
{
"name" : "HPSBMU02799",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name" : "MDVSA-2010:100",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:100"
},
{
"name" : "RHSA-2010:0423",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0423.html"
},
{
"name" : "RHSA-2010:0770",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
},
{
"name" : "RHSA-2010:0807",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
},
{
"name" : "RHSA-2010:0873",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
},
{
"name" : "RHSA-2010:0935",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0935.html"
},
{
"name" : "RHSA-2010:0987",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
},
{
"name" : "RHSA-2011:0152",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0152.html"
},
{
"name" : "RHSA-2011:0880",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
},
{
"name" : "SUSE-SR:2010:013",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name" : "SUSE-SR:2010:014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name" : "SUSE-SR:2010:019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name" : "SUSE-SU-2012:0010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
},
{
"name" : "SUSE-SU-2012:0042",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
},
{
"name" : "USN-940-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-940-1"
},
{
"name" : "USN-940-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-940-2"
},
{
"name" : "TA10-287A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
},
{
"name" : "TA11-201A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"name" : "40235",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40235"
},
{
"name" : "64744",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/64744"
},
{
"name" : "oval:org.mitre.oval:def:11604",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604"
},
{
"name" : "oval:org.mitre.oval:def:7198",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198"
},
{
"name" : "oval:org.mitre.oval:def:7450",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450"
},
{
"name" : "39762",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39762"
},
{
"name" : "39818",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39818"
},
{
"name" : "39784",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39784"
},
{
"name" : "39799",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39799"
},
{
"name" : "39849",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39849"
},
{
"name" : "40346",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40346"
},
{
"name" : "40685",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40685"
},
{
"name" : "41967",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41967"
},
{
"name" : "42432",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42432"
},
{
"name" : "42974",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42974"
},
{
"name" : "43335",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43335"
},
{
"name" : "44954",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44954"
},
{
"name" : "ADV-2010-1177",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1177"
},
{
"name" : "ADV-2010-1193",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1193"
},
{
"name" : "ADV-2010-1196",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1196"
},
{
"name" : "ADV-2010-1192",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1192"
},
{
"name" : "ADV-2010-1222",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1222"
},
{
"name" : "ADV-2010-1574",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1574"
},
{
"name" : "ADV-2010-1882",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1882"
},
{
"name" : "ADV-2010-3112",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3112"
},
{
"name" : "ADV-2011-0134",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0134"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2012:0042",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
},
{
"name": "39818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39818"
},
{
"name": "ADV-2011-0134",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0134"
},
{
"name": "http://support.avaya.com/css/P8/documents/100114315",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100114315"
},
{
"name": "39784",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39784"
},
{
"name": "USN-940-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-940-1"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name": "20100518 MITKRB5-SA-2010-005 [CVE-2010-1321] GSS-API lib null pointer deref",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511331/100/0/threaded"
},
{
"name": "MDVSA-2010:100",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:100"
},
{
"name": "TA11-201A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"name": "FEDORA-2010-8749",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html"
},
{
"name": "RHSA-2010:0770",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
},
{
"name": "40685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40685"
},
{
"name": "40235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40235"
},
{
"name": "FEDORA-2010-8796",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html"
},
{
"name": "ADV-2010-1574",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1574"
},
{
"name": "oval:org.mitre.oval:def:7198",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198"
},
{
"name": "ADV-2010-1192",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1192"
},
{
"name": "39799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39799"
},
{
"name": "ADV-2010-1196",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1196"
},
{
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "SSRT100107",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427"
},
{
"name": "39849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39849"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "RHSA-2010:0987",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
},
{
"name": "44954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44954"
},
{
"name": "USN-940-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-940-2"
},
{
"name": "42432",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42432"
},
{
"name": "oval:org.mitre.oval:def:7450",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450"
},
{
"name": "39762",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39762"
},
{
"name": "RHSA-2011:0880",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
},
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt"
},
{
"name": "SUSE-SU-2012:0010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
},
{
"name": "RHSA-2010:0873",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "HPSBUX02544",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427"
},
{
"name": "ADV-2010-1177",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1177"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "42974",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42974"
},
{
"name": "ADV-2010-3112",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3112"
},
{
"name": "FEDORA-2010-8805",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
},
{
"name": "43335",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43335"
},
{
"name": "DSA-2052",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2052"
},
{
"name": "RHSA-2010:0423",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0423.html"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name": "ADV-2010-1882",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1882"
},
{
"name": "RHSA-2011:0152",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0152.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "40346",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40346"
},
{
"name": "oval:org.mitre.oval:def:11604",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604"
},
{
"name": "41967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41967"
},
{
"name": "RHSA-2010:0807",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
},
{
"name": "RHSA-2010:0935",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0935.html"
},
{
"name": "64744",
"refsource": "OSVDB",
"url": "http://osvdb.org/64744"
},
{
"name": "ADV-2010-1222",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1222"
},
{
"name": "ADV-2010-1193",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1193"
}
]
}
}

170
2010/1xxx/CVE-2010-1374.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1374",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4188",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4188"
},
{
"name" : "APPLE-SA-2010-06-15-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name" : "40871",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40871"
},
{
"name" : "1024103",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024103"
},
{
"name" : "40220",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40220"
},
{
"name" : "ADV-2010-1481",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1481"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-06-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name": "ADV-2010-1481",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1481"
},
{
"name": "40871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40871"
},
{
"name": "1024103",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024103"
},
{
"name": "http://support.apple.com/kb/HT4188",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4188"
},
{
"name": "40220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40220"
}
]
}
}

130
2010/4xxx/CVE-2010-4787.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4787",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV-ITDS-IF0005) allows remote authenticated users to cause a denial of service (daemon hang) via a paged search that triggers improper mutex processing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg24029672",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg24029672"
},
{
"name" : "IO12476",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1IO12476"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV-ITDS-IF0005) allows remote authenticated users to cause a denial of service (daemon hang) via a paged search that triggers improper mutex processing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IO12476",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IO12476"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg24029672",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029672"
}
]
}
}

130
2010/5xxx/CVE-2010-5288.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5288",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the lsConnectionCached function in editcp in EDItran Communications Platform 4.1 R7 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted packet to TCP port 7777."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.digitalsec.net/stuff/explt+advs/editcpv4.1R7_bof.txt",
"refsource" : "MISC",
"url" : "http://www.digitalsec.net/stuff/explt+advs/editcpv4.1R7_bof.txt"
},
{
"name" : "40395",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40395"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the lsConnectionCached function in editcp in EDItran Communications Platform 4.1 R7 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted packet to TCP port 7777."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40395"
},
{
"name": "http://www.digitalsec.net/stuff/explt+advs/editcpv4.1R7_bof.txt",
"refsource": "MISC",
"url": "http://www.digitalsec.net/stuff/explt+advs/editcpv4.1R7_bof.txt"
}
]
}
}

120
2014/0xxx/CVE-2014-0337.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0337",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during construction of the \"failed log-in attempts over telnet\" log view."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-0337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#917700",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/917700"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during construction of the \"failed log-in attempts over telnet\" log view."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#917700",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/917700"
}
]
}
}

270
2014/0xxx/CVE-2014-0401.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0401",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-0401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "DSA-2845",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2845"
},
{
"name" : "DSA-2848",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2848"
},
{
"name" : "GLSA-201409-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201409-04.xml"
},
{
"name" : "RHSA-2014:0164",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0164.html"
},
{
"name" : "RHSA-2014:0173",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0173.html"
},
{
"name" : "RHSA-2014:0186",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0186.html"
},
{
"name" : "RHSA-2014:0189",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0189.html"
},
{
"name" : "USN-2086-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-2086-1"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "64898",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64898"
},
{
"name" : "102071",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102071"
},
{
"name" : "56491",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56491"
},
{
"name" : "56541",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56541"
},
{
"name" : "56580",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56580"
},
{
"name" : "oracle-cpujan2014-cve20140401(90382)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90382"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2086-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2086-1"
},
{
"name": "oracle-cpujan2014-cve20140401(90382)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90382"
},
{
"name": "64898",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64898"
},
{
"name": "102071",
"refsource": "OSVDB",
"url": "http://osvdb.org/102071"
},
{
"name": "DSA-2845",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2845"
},
{
"name": "56491",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56491"
},
{
"name": "RHSA-2014:0186",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0186.html"
},
{
"name": "56541",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56541"
},
{
"name": "DSA-2848",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2848"
},
{
"name": "56580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56580"
},
{
"name": "RHSA-2014:0173",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0173.html"
},
{
"name": "RHSA-2014:0189",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0189.html"
},
{
"name": "RHSA-2014:0164",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0164.html"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "GLSA-201409-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201409-04.xml"
}
]
}
}

160
2014/0xxx/CVE-2014-0857.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0857",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21669554",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676092",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"name" : "PI07808",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07808"
},
{
"name" : "67327",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67327"
},
{
"name" : "ibm-was-cve20140857-info-disc(90863)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90863"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"name": "67327",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67327"
},
{
"name": "ibm-was-cve20140857-info-disc(90863)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90863"
},
{
"name": "PI07808",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07808"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
}
]
}
}

34
2014/1xxx/CVE-2014-1395.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1395",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1395",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/1xxx/CVE-2014-1603.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1603",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings action to admin/settings.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140513 [CVE-2014-1603] XSS in GetSimple CMS 3.3.1",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/May/53"
},
{
"name" : "https://raw.githubusercontent.com/pedrib/PoC/master/getsimplecms-3.3.1.txt",
"refsource" : "MISC",
"url" : "https://raw.githubusercontent.com/pedrib/PoC/master/getsimplecms-3.3.1.txt"
},
{
"name" : "67337",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67337"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings action to admin/settings.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140513 [CVE-2014-1603] XSS in GetSimple CMS 3.3.1",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/May/53"
},
{
"name": "https://raw.githubusercontent.com/pedrib/PoC/master/getsimplecms-3.3.1.txt",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/getsimplecms-3.3.1.txt"
},
{
"name": "67337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67337"
}
]
}
}

34
2014/1xxx/CVE-2014-1844.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1844",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1844",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2014/1xxx/CVE-2014-1949.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1949",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140212 Re: cinnamon-screensaver lock bypass (tested on Fedora 20)",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q1/331"
},
{
"name" : "[oss-security] 20140212 cinnamon-screensaver lock bypass (tested on Fedora 20)",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q1/327"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759145",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759145"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064695",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064695"
},
{
"name" : "https://github.com/linuxmint/cinnamon-screensaver/issues/44",
"refsource" : "CONFIRM",
"url" : "https://github.com/linuxmint/cinnamon-screensaver/issues/44"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0374.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0374.html"
},
{
"name" : "MDVSA-2015:162",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:162"
},
{
"name" : "USN-2475-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2475-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140212 cinnamon-screensaver lock bypass (tested on Fedora 20)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/327"
},
{
"name": "USN-2475-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2475-1"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759145",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759145"
},
{
"name": "MDVSA-2015:162",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:162"
},
{
"name": "https://github.com/linuxmint/cinnamon-screensaver/issues/44",
"refsource": "CONFIRM",
"url": "https://github.com/linuxmint/cinnamon-screensaver/issues/44"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0374.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0374.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1064695",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064695"
},
{
"name": "[oss-security] 20140212 Re: cinnamon-screensaver lock bypass (tested on Fedora 20)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/331"
}
]
}
}

150
2014/4xxx/CVE-2014-4301.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4301",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti",
"refsource" : "MISC",
"url" : "https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti"
},
{
"name" : "https://github.com/Eugeny/ajenti/commit/d3fc5eb142ff16d55d158afb050af18d5ff09120",
"refsource" : "CONFIRM",
"url" : "https://github.com/Eugeny/ajenti/commit/d3fc5eb142ff16d55d158afb050af18d5ff09120"
},
{
"name" : "68047",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68047"
},
{
"name" : "59177",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59177"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Eugeny/ajenti/commit/d3fc5eb142ff16d55d158afb050af18d5ff09120",
"refsource": "CONFIRM",
"url": "https://github.com/Eugeny/ajenti/commit/d3fc5eb142ff16d55d158afb050af18d5ff09120"
},
{
"name": "59177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59177"
},
{
"name": "https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti",
"refsource": "MISC",
"url": "https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti"
},
{
"name": "68047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68047"
}
]
}
}

170
2014/4xxx/CVE-2014-4352.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4352",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT6441",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6441"
},
{
"name" : "APPLE-SA-2014-09-17-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
},
{
"name" : "69882",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69882"
},
{
"name" : "69932",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69932"
},
{
"name" : "1030866",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030866"
},
{
"name" : "appleios-cve20144352-info-disc(96084)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96084"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69932",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69932"
},
{
"name": "http://support.apple.com/kb/HT6441",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6441"
},
{
"name": "1030866",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030866"
},
{
"name": "69882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69882"
},
{
"name": "APPLE-SA-2014-09-17-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
},
{
"name": "appleios-cve20144352-info-disc(96084)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96084"
}
]
}
}

210
2014/4xxx/CVE-2014-4373.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4373",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/kb/HT6535",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT6535"
},
{
"name" : "http://support.apple.com/kb/HT6441",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6441"
},
{
"name" : "http://support.apple.com/kb/HT6442",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6442"
},
{
"name" : "APPLE-SA-2014-09-17-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
},
{
"name" : "APPLE-SA-2014-09-17-2",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html"
},
{
"name" : "APPLE-SA-2014-10-16-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name" : "69882",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69882"
},
{
"name" : "69934",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69934"
},
{
"name" : "1030866",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030866"
},
{
"name" : "appleios-cve20144373-dos(96108)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96108"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT6441",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6441"
},
{
"name": "appleios-cve20144373-dos(96108)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96108"
},
{
"name": "1030866",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030866"
},
{
"name": "http://support.apple.com/kb/HT6442",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6442"
},
{
"name": "APPLE-SA-2014-10-16-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "APPLE-SA-2014-09-17-2",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html"
},
{
"name": "69882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69882"
},
{
"name": "https://support.apple.com/kb/HT6535",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6535"
},
{
"name": "APPLE-SA-2014-09-17-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
},
{
"name": "69934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69934"
}
]
}
}

180
2014/4xxx/CVE-2014-4463.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4463",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime \"Leave a Message\" feature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/en-us/HT6590",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/en-us/HT6590"
},
{
"name" : "https://support.apple.com/en-us/HT204418",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/en-us/HT204418"
},
{
"name" : "APPLE-SA-2014-11-17-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html"
},
{
"name" : "71141",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71141"
},
{
"name" : "1031232",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031232"
},
{
"name" : "62504",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62504"
},
{
"name" : "appleios-cve20144463-sec-bypass(98778)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98778"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime \"Leave a Message\" feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2014-11-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html"
},
{
"name": "71141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71141"
},
{
"name": "appleios-cve20144463-sec-bypass(98778)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98778"
},
{
"name": "https://support.apple.com/en-us/HT6590",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT6590"
},
{
"name": "62504",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62504"
},
{
"name": "1031232",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031232"
},
{
"name": "https://support.apple.com/en-us/HT204418",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT204418"
}
]
}
}

34
2014/4xxx/CVE-2014-4745.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4745",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4745",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/4xxx/CVE-2014-4916.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4916",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4916",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2014/4xxx/CVE-2014-4928.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4928",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://dringen.blogspot.com.au/2014/07/invision-power-board-blind-sql.html",
"refsource" : "MISC",
"url" : "http://dringen.blogspot.com.au/2014/07/invision-power-board-blind-sql.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dringen.blogspot.com.au/2014/07/invision-power-board-blind-sql.html",
"refsource": "MISC",
"url": "http://dringen.blogspot.com.au/2014/07/invision-power-board-blind-sql.html"
}
]
}
}

140
2014/5xxx/CVE-2014-5406.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5406",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm",
"refsource" : "MISC",
"url" : "http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01"
},
{
"name" : "https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01"
},
{
"name": "http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm",
"refsource": "MISC",
"url": "http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm"
},
{
"name": "https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/",
"refsource": "MISC",
"url": "https://xs-sniper.com/blog/2015/06/08/hospira-plum-a-infusion-pump-vulnerabilities/"
}
]
}
}

320
2014/9xxx/CVE-2014-9294.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9294",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bk1.ntp.org/ntp-dev/util/ntp-keygen.c?PAGE=diffs&REV=4eae1b72298KRoBQmX-y8URCiRPH5g",
"refsource" : "CONFIRM",
"url" : "http://bk1.ntp.org/ntp-dev/util/ntp-keygen.c?PAGE=diffs&REV=4eae1b72298KRoBQmX-y8URCiRPH5g"
},
{
"name" : "http://bugs.ntp.org/show_bug.cgi?id=2666",
"refsource" : "CONFIRM",
"url" : "http://bugs.ntp.org/show_bug.cgi?id=2666"
},
{
"name" : "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource" : "CONFIRM",
"url" : "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1176035",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1176035"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0541.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783",
"refsource" : "CONFIRM",
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783"
},
{
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232",
"refsource" : "CONFIRM",
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10103",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10103"
},
{
"name" : "20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"name" : "HPSBPV03266",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142469153211996&w=2"
},
{
"name" : "HPSBGN03277",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142590659431171&w=2"
},
{
"name" : "HPSBOV03505",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144182594518755&w=2"
},
{
"name" : "HPSBUX03240",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142853370924302&w=2"
},
{
"name" : "SSRT101872",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142853370924302&w=2"
},
{
"name" : "MDVSA-2015:003",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"name" : "RHSA-2014:2025",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-2025.html"
},
{
"name" : "RHSA-2015:0104",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"name" : "VU#852879",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/852879"
},
{
"name" : "71762",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71762"
},
{
"name" : "62209",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62209"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"name": "HPSBGN03277",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142590659431171&w=2"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=2666",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2666"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10103",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10103"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0541.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"name": "VU#852879",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"name": "HPSBUX03240",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142853370924302&w=2"
},
{
"name": "RHSA-2014:2025",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-2025.html"
},
{
"name": "71762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71762"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1176035",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176035"
},
{
"name": "62209",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62209"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2015:0104",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"name": "HPSBOV03505",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144182594518755&w=2"
},
{
"name": "SSRT101872",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142853370924302&w=2"
},
{
"name": "http://bk1.ntp.org/ntp-dev/util/ntp-keygen.c?PAGE=diffs&REV=4eae1b72298KRoBQmX-y8URCiRPH5g",
"refsource": "CONFIRM",
"url": "http://bk1.ntp.org/ntp-dev/util/ntp-keygen.c?PAGE=diffs&REV=4eae1b72298KRoBQmX-y8URCiRPH5g"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "HPSBPV03266",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142469153211996&w=2"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783"
},
{
"name": "MDVSA-2015:003",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
}
]
}
}

150
2016/3xxx/CVE-2016-3282.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3282",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, SharePoint Server 2016, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-088",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
},
{
"name" : "91589",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91589"
},
{
"name" : "1036274",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036274"
},
{
"name" : "1036275",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036275"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, SharePoint Server 2016, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036274",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036274"
},
{
"name": "1036275",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036275"
},
{
"name": "MS16-088",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088"
},
{
"name": "91589",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91589"
}
]
}
}

140
2016/3xxx/CVE-2016-3461.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3461",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality, integrity, and availability via vectors related to Monitoring: Server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2016-11",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2016-11"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name" : "1035606",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035606"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality, integrity, and availability via vectors related to Monitoring: Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2016-11",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2016-11"
},
{
"name": "1035606",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035606"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
}
]
}
}

140
2016/3xxx/CVE-2016-3751.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3751",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160709 Re: On anonymous CVE assignments",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/09/4"
},
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name" : "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
},
{
"name": "[oss-security] 20160709 Re: On anonymous CVE assignments",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
},
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}

150
2016/3xxx/CVE-2016-3880.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3880",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 25747670."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/68f67ef6cf1f41e77337be3bc4bff91f3a3c6324",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/68f67ef6cf1f41e77337be3bc4bff91f3a3c6324"
},
{
"name" : "92821",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92821"
},
{
"name" : "1036763",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 25747670."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/68f67ef6cf1f41e77337be3bc4bff91f3a3c6324",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/68f67ef6cf1f41e77337be3bc4bff91f3a3c6324"
},
{
"name": "92821",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92821"
},
{
"name": "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name": "1036763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036763"
}
]
}
}

34
2016/7xxx/CVE-2016-7362.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7362",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7362",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

170
2016/7xxx/CVE-2016-7621.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-7621",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40956",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40956/"
},
{
"name" : "https://support.apple.com/HT207422",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207422"
},
{
"name" : "https://support.apple.com/HT207423",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207423"
},
{
"name" : "https://support.apple.com/HT207487",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207487"
},
{
"name" : "94905",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94905"
},
{
"name" : "1037469",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037469"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207487",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207487"
},
{
"name": "https://support.apple.com/HT207422",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207422"
},
{
"name": "94905",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94905"
},
{
"name": "1037469",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"name": "https://support.apple.com/HT207423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207423"
},
{
"name": "40956",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40956/"
}
]
}
}

34
2016/7xxx/CVE-2016-7631.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7631",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7631",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

170
2016/7xxx/CVE-2016-7993.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7993",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html",
"refsource" : "CONFIRM",
"url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html"
},
{
"name" : "DSA-3775",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3775"
},
{
"name" : "GLSA-201702-30",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-30"
},
{
"name" : "RHSA-2017:1871",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1871"
},
{
"name" : "95852",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95852"
},
{
"name" : "1037755",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037755"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037755",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037755"
},
{
"name": "DSA-3775",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3775"
},
{
"name": "RHSA-2017:1871",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1871"
},
{
"name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html",
"refsource": "CONFIRM",
"url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html"
},
{
"name": "95852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95852"
},
{
"name": "GLSA-201702-30",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-30"
}
]
}
}

34
2016/8xxx/CVE-2016-8091.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8091",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8091",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

140
2016/8xxx/CVE-2016-8285.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2016-8285",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Candidate Gateway."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-8285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name" : "93723",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93723"
},
{
"name" : "1037046",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037046"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Candidate Gateway."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "93723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93723"
},
{
"name": "1037046",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037046"
}
]
}
}

130
2016/8xxx/CVE-2016-8370.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2016-8370",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module",
"version" : {
"version_data" : [
{
"version_value" : "Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module weak encryption"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-8370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module",
"version": {
"version_data": [
{
"version_value": "Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03"
},
{
"name" : "94632",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94632"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module weak encryption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03"
},
{
"name": "94632",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94632"
}
]
}
}

170
2016/8xxx/CVE-2016-8575.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8575",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html",
"refsource" : "CONFIRM",
"url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html"
},
{
"name" : "DSA-3775",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3775"
},
{
"name" : "GLSA-201702-30",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-30"
},
{
"name" : "RHSA-2017:1871",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1871"
},
{
"name" : "95852",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95852"
},
{
"name" : "1037755",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037755"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037755",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037755"
},
{
"name": "DSA-3775",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3775"
},
{
"name": "RHSA-2017:1871",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1871"
},
{
"name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html",
"refsource": "CONFIRM",
"url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html"
},
{
"name": "95852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95852"
},
{
"name": "GLSA-201702-30",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-30"
}
]
}
}

34
2016/8xxx/CVE-2016-8853.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8853",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8853",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/9xxx/CVE-2016-9027.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9027",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9027",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2016/9xxx/CVE-2016-9283.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9283",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a \"sef URL\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/exponentcms/exponent-cms/commit/559792be727f4e731bfcb3935f5beec7749e9ce9",
"refsource" : "CONFIRM",
"url" : "https://github.com/exponentcms/exponent-cms/commit/559792be727f4e731bfcb3935f5beec7749e9ce9"
},
{
"name" : "94296",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94296"
},
{
"name" : "1037281",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037281"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a \"sef URL\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exponentcms/exponent-cms/commit/559792be727f4e731bfcb3935f5beec7749e9ce9",
"refsource": "CONFIRM",
"url": "https://github.com/exponentcms/exponent-cms/commit/559792be727f4e731bfcb3935f5beec7749e9ce9"
},
{
"name": "94296",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94296"
},
{
"name": "1037281",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037281"
}
]
}
}

34
2016/9xxx/CVE-2016-9301.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9301",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-9301",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}

130
2016/9xxx/CVE-2016-9361.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2016-9361",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Moxa NPort",
"version" : {
"version_data" : [
{
"version_value" : "Moxa NPort"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Administration passwords can be retried without authenticating."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Moxa NPort Device password retrieval"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-9361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Moxa NPort",
"version": {
"version_data": [
{
"version_value": "Moxa NPort"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02"
},
{
"name" : "85965",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/85965"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Administration passwords can be retried without authenticating."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Moxa NPort Device password retrieval"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02"
},
{
"name": "85965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85965"
}
]
}
}

34
2019/2xxx/CVE-2019-2381.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2381",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2381",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2019/2xxx/CVE-2019-2468.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2468",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Outside In Technology",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.5.3"
},
{
"version_affected" : "=",
"version_value" : "8.5.4"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.5.3"
},
{
"version_affected": "=",
"version_value": "8.5.4"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "106569",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106569"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106569"
}
]
}
}

140
2019/2xxx/CVE-2019-2553.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2553",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "5.2.24"
},
{
"version_affected" : "<",
"version_value" : "6.0.2"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.2.24"
},
{
"version_affected": "<",
"version_value": "6.0.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "106568",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106568"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106568"
}
]
}
}

34
2019/2xxx/CVE-2019-2870.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2870",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2870",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}