admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:00:03 +00:00
parent 7e2b728fff
commit ee74876aa5
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 5051 additions and 5051 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2006/0xxx/CVE-2006-0055.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0055",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2006-0055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "FreeBSD-SA-06:02",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:02.ee.asc"
},
{
"name" : "16207",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16207"
},
{
"name" : "22320",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22320"
},
{
"name" : "1015469",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015469"
},
{
"name" : "18404",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18404"
},
{
"name" : "ee-ispell-op-symlink(24074)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24074"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16207"
},
{
"name": "FreeBSD-SA-06:02",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:02.ee.asc"
},
{
"name": "ee-ispell-op-symlink(24074)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24074"
},
{
"name": "1015469",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015469"
},
{
"name": "22320",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22320"
},
{
"name": "18404",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18404"
}
]
}
}

150
2006/0xxx/CVE-2006-0085.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0085",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote attackers to execute arbitrary SQL commands via the (1) usuario_nkads_admin or (2) password_nkads_admin parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.soulblack.com.ar/repo/papers/advisory/nkads_advisory.txt",
"refsource" : "MISC",
"url" : "http://www.soulblack.com.ar/repo/papers/advisory/nkads_advisory.txt"
},
{
"name" : "ADV-2006-0040",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0040"
},
{
"name" : "22206",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22206"
},
{
"name" : "18302",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18302"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote attackers to execute arbitrary SQL commands via the (1) usuario_nkads_admin or (2) password_nkads_admin parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0040"
},
{
"name": "http://www.soulblack.com.ar/repo/papers/advisory/nkads_advisory.txt",
"refsource": "MISC",
"url": "http://www.soulblack.com.ar/repo/papers/advisory/nkads_advisory.txt"
},
{
"name": "22206",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22206"
},
{
"name": "18302",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18302"
}
]
}
}

210
2006/0xxx/CVE-2006-0209.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0209",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in general_functions.php in TankLogger 2.4 allows remote attackers to execute arbitrary SQL commands via the (1) livestock_id parameter to showInfo.php and (2) tank_id parameter, possibly to livestock.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060112 [eVuln] TankLogger SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/421743/100/0/threaded"
},
{
"name" : "20060113 Verified TankLogger SQl inject by source inspection",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2006-January/000480.html"
},
{
"name" : "http://evuln.com/vulns/26/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/26/summary.html"
},
{
"name" : "16228",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16228"
},
{
"name" : "ADV-2006-0153",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0153"
},
{
"name" : "22368",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22368"
},
{
"name" : "22369",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22369"
},
{
"name" : "18441",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18441"
},
{
"name" : "341",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/341"
},
{
"name" : "tanklogger-generalfunctions-sql-injection(24080)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24080"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in general_functions.php in TankLogger 2.4 allows remote attackers to execute arbitrary SQL commands via the (1) livestock_id parameter to showInfo.php and (2) tank_id parameter, possibly to livestock.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tanklogger-generalfunctions-sql-injection(24080)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24080"
},
{
"name": "22368",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22368"
},
{
"name": "18441",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18441"
},
{
"name": "16228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16228"
},
{
"name": "22369",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22369"
},
{
"name": "20060113 Verified TankLogger SQl inject by source inspection",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-January/000480.html"
},
{
"name": "341",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/341"
},
{
"name": "20060112 [eVuln] TankLogger SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421743/100/0/threaded"
},
{
"name": "http://evuln.com/vulns/26/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/26/summary.html"
},
{
"name": "ADV-2006-0153",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0153"
}
]
}
}

170
2006/0xxx/CVE-2006-0711.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0711",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2006-3/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2006-3/advisory/"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=392562&group_id=2874",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=392562&group_id=2874"
},
{
"name" : "16651",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16651"
},
{
"name" : "ADV-2006-0564",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0564"
},
{
"name" : "18785",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18785"
},
{
"name" : "neomail-neomailprefs-bypass-security(24737)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24737"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0564",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0564"
},
{
"name": "http://secunia.com/secunia_research/2006-3/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-3/advisory/"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=392562&group_id=2874",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=392562&group_id=2874"
},
{
"name": "16651",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16651"
},
{
"name": "neomail-neomailprefs-bypass-security(24737)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24737"
},
{
"name": "18785",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18785"
}
]
}
}

170
2006/3xxx/CVE-2006-3273.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3273",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter (\"New Name\" field)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060620 Somechess v1.5 rc1 - XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438009/100/0/threaded"
},
{
"name" : "18557",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18557"
},
{
"name" : "1016360",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016360"
},
{
"name" : "20770",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20770"
},
{
"name" : "1162",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1162"
},
{
"name" : "somechess-menu-xss(27307)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27307"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter (\"New Name\" field)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016360",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016360"
},
{
"name": "1162",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1162"
},
{
"name": "18557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18557"
},
{
"name": "20060620 Somechess v1.5 rc1 - XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438009/100/0/threaded"
},
{
"name": "20770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20770"
},
{
"name": "somechess-menu-xss(27307)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27307"
}
]
}
}

130
2006/3xxx/CVE-2006-3525.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3525",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final and 1.0.0 Release Candidate 6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/06/phcdownload-sql-injection-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/phcdownload-sql-injection-vuln.html"
},
{
"name" : "phcdownload-category-sql-injection(27238)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27238"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final and 1.0.0 Release Candidate 6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2006/06/phcdownload-sql-injection-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/phcdownload-sql-injection-vuln.html"
},
{
"name": "phcdownload-category-sql-injection(27238)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27238"
}
]
}
}

170
2006/3xxx/CVE-2006-3751.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3751",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in popups/ImageManager/config.inc.php in the HTMLArea3 Addon Component (com_htmlarea3_xtd-c) for ImageManager 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060712 [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0180.html"
},
{
"name" : "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt",
"refsource" : "MISC",
"url" : "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt"
},
{
"name" : "2027",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2027"
},
{
"name" : "19047",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19047"
},
{
"name" : "1249",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1249"
},
{
"name" : "imagemanager-configinc-file-include(27721)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27721"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in popups/ImageManager/config.inc.php in the HTMLArea3 Addon Component (com_htmlarea3_xtd-c) for ImageManager 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060712 [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0180.html"
},
{
"name": "1249",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1249"
},
{
"name": "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt",
"refsource": "MISC",
"url": "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt"
},
{
"name": "2027",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2027"
},
{
"name": "19047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19047"
},
{
"name": "imagemanager-configinc-file-include(27721)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27721"
}
]
}
}

120
2006/3xxx/CVE-2006-3762.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3762",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Touch Control ActiveX control 2.0.0.55 allows remote attackers to read and possibly execute arbitrary files via a \"file///\" URI in the sPath parameter to the Execute function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060705 Touch arbitrary file execute vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439154/100/100/threaded"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Touch Control ActiveX control 2.0.0.55 allows remote attackers to read and possibly execute arbitrary files via a \"file///\" URI in the sPath parameter to the Execute function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060705 Touch arbitrary file execute vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439154/100/100/threaded"
}
]
}
}

150
2006/3xxx/CVE-2006-3816.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3816",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://krusader.sourceforge.net/phpBB/viewtopic.php?p=7965",
"refsource" : "CONFIRM",
"url" : "http://krusader.sourceforge.net/phpBB/viewtopic.php?p=7965"
},
{
"name" : "http://groups.google.com/group/krusader-news/browse_thread/thread/ec719041ed4a1a14",
"refsource" : "CONFIRM",
"url" : "http://groups.google.com/group/krusader-news/browse_thread/thread/ec719041ed4a1a14"
},
{
"name" : "19194",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19194"
},
{
"name" : "ADV-2006-2992",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2992"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19194"
},
{
"name": "http://groups.google.com/group/krusader-news/browse_thread/thread/ec719041ed4a1a14",
"refsource": "CONFIRM",
"url": "http://groups.google.com/group/krusader-news/browse_thread/thread/ec719041ed4a1a14"
},
{
"name": "ADV-2006-2992",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2992"
},
{
"name": "http://krusader.sourceforge.net/phpBB/viewtopic.php?p=7965",
"refsource": "CONFIRM",
"url": "http://krusader.sourceforge.net/phpBB/viewtopic.php?p=7965"
}
]
}
}

210
2006/4xxx/CVE-2006-4033.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4033",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LZH archive with a long header, as specified by the extendedHeaderSize."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060801 [vuln.sg] Lhaplus LHA Extended Header Handling Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441822/100/0/threaded"
},
{
"name" : "http://vuln.sg/lhaplus152-en.html",
"refsource" : "MISC",
"url" : "http://vuln.sg/lhaplus152-en.html"
},
{
"name" : "http://www7a.biglobe.ne.jp/~schezo/",
"refsource" : "CONFIRM",
"url" : "http://www7a.biglobe.ne.jp/~schezo/"
},
{
"name" : "19263",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19263"
},
{
"name" : "ADV-2006-3076",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3076"
},
{
"name" : "27667",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27667"
},
{
"name" : "1016615",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016615"
},
{
"name" : "21256",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21256"
},
{
"name" : "1351",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1351"
},
{
"name" : "lhaplus-lzh-header-bo(28102)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28102"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LZH archive with a long header, as specified by the extendedHeaderSize."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lhaplus-lzh-header-bo(28102)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28102"
},
{
"name": "21256",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21256"
},
{
"name": "20060801 [vuln.sg] Lhaplus LHA Extended Header Handling Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441822/100/0/threaded"
},
{
"name": "19263",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19263"
},
{
"name": "27667",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27667"
},
{
"name": "http://www7a.biglobe.ne.jp/~schezo/",
"refsource": "CONFIRM",
"url": "http://www7a.biglobe.ne.jp/~schezo/"
},
{
"name": "1016615",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016615"
},
{
"name": "http://vuln.sg/lhaplus152-en.html",
"refsource": "MISC",
"url": "http://vuln.sg/lhaplus152-en.html"
},
{
"name": "1351",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1351"
},
{
"name": "ADV-2006-3076",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3076"
}
]
}
}

34
2006/4xxx/CVE-2006-4149.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4149",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4149",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

340
2006/4xxx/CVE-2006-4625.json
View File

@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4625",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060909 PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()",
"refsource" : "SREASONRES",
"url" : "http://securityreason.com/achievement_securityalert/42"
},
{
"name" : "20060909 Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445712/100/0/threaded"
},
{
"name" : "20060913 Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445882/100/0/threaded"
},
{
"name" : "HPSBMA02215",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506"
},
{
"name" : "SSRT071423",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506"
},
{
"name" : "HPSBTU02232",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137"
},
{
"name" : "SSRT071429",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137"
},
{
"name" : "MDKSA-2006:185",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:185"
},
{
"name" : "OpenPKG-SA-2006.023",
"refsource" : "OPENPKG",
"url" : "http://www.securityfocus.com/archive/1/448953/100/0/threaded"
},
{
"name" : "SUSE-SA:2006:059",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html"
},
{
"name" : "TLSA-2006-38",
"refsource" : "TURBO",
"url" : "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt"
},
{
"name" : "USN-362-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-362-1"
},
{
"name" : "19933",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19933"
},
{
"name" : "ADV-2007-1991",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1991"
},
{
"name" : "ADV-2007-2374",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2374"
},
{
"name" : "22282",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22282"
},
{
"name" : "22338",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22338"
},
{
"name" : "22424",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22424"
},
{
"name" : "22331",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22331"
},
{
"name" : "25423",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25423"
},
{
"name" : "25850",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25850"
},
{
"name" : "1519",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1519"
},
{
"name" : "php-inirestore-security-bypass(28853)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28853"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1991",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1991"
},
{
"name": "22338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22338"
},
{
"name": "SSRT071423",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506"
},
{
"name": "20060909 Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445712/100/0/threaded"
},
{
"name": "OpenPKG-SA-2006.023",
"refsource": "OPENPKG",
"url": "http://www.securityfocus.com/archive/1/448953/100/0/threaded"
},
{
"name": "1519",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1519"
},
{
"name": "TLSA-2006-38",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt"
},
{
"name": "USN-362-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-362-1"
},
{
"name": "20060913 Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445882/100/0/threaded"
},
{
"name": "HPSBTU02232",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137"
},
{
"name": "SSRT071429",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137"
},
{
"name": "ADV-2007-2374",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2374"
},
{
"name": "25423",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25423"
},
{
"name": "22282",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22282"
},
{
"name": "19933",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19933"
},
{
"name": "php-inirestore-security-bypass(28853)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28853"
},
{
"name": "HPSBMA02215",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506"
},
{
"name": "SUSE-SA:2006:059",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html"
},
{
"name": "MDKSA-2006:185",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:185"
},
{
"name": "22331",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22331"
},
{
"name": "25850",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25850"
},
{
"name": "20060909 PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/42"
},
{
"name": "22424",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22424"
}
]
}
}

170
2006/4xxx/CVE-2006-4679.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4679",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to \"debug\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060907 DokuWiki <= 2006-03-09brel /bin/dwpage.php remote commands execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445516/100/0/threaded"
},
{
"name" : "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html"
},
{
"name" : "GLSA-200609-10",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200609-10.xml"
},
{
"name" : "21936",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21936"
},
{
"name" : "1537",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1537"
},
{
"name" : "dokuwiki-doku-information-disclosure(28819)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28819"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to \"debug\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html"
},
{
"name": "1537",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1537"
},
{
"name": "dokuwiki-doku-information-disclosure(28819)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28819"
},
{
"name": "GLSA-200609-10",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200609-10.xml"
},
{
"name": "21936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21936"
},
{
"name": "20060907 DokuWiki <= 2006-03-09brel /bin/dwpage.php remote commands execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445516/100/0/threaded"
}
]
}
}

140
2006/6xxx/CVE-2006-6858.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6858",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.simphalempin.com/dev/miredo/mtfl-sa-0604.shtml.en",
"refsource" : "CONFIRM",
"url" : "http://www.simphalempin.com/dev/miredo/mtfl-sa-0604.shtml.en"
},
{
"name" : "ADV-2007-0029",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0029"
},
{
"name" : "23596",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23596"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.simphalempin.com/dev/miredo/mtfl-sa-0604.shtml.en",
"refsource": "CONFIRM",
"url": "http://www.simphalempin.com/dev/miredo/mtfl-sa-0604.shtml.en"
},
{
"name": "ADV-2007-0029",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0029"
},
{
"name": "23596",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23596"
}
]
}
}

390
2006/7xxx/CVE-2006-7230.json
View File

@ -1,197 +1,197 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7230",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-7230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=384801",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=384801"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=198976",
"refsource" : "MISC",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name" : "http://www.pcre.org/changelog.txt",
"refsource" : "CONFIRM",
"url" : "http://www.pcre.org/changelog.txt"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"
},
{
"name" : "DSA-1570",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1570"
},
{
"name" : "GLSA-200711-30",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name" : "GLSA-200801-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"name" : "GLSA-200801-18",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name" : "GLSA-200801-19",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name" : "GLSA-200805-11",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name" : "MDVSA-2008:030",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"name" : "RHSA-2007:1059",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-1059.html"
},
{
"name" : "RHSA-2007:1068",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-1068.html"
},
{
"name" : "SUSE-SA:2007:062",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"name" : "SUSE-SA:2008:004",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"name" : "26550",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26550"
},
{
"name" : "oval:org.mitre.oval:def:10911",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10911"
},
{
"name" : "27741",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27741"
},
{
"name" : "27773",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27773"
},
{
"name" : "28041",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28041"
},
{
"name" : "28406",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28406"
},
{
"name" : "28414",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28414"
},
{
"name" : "28658",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28658"
},
{
"name" : "28714",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28714"
},
{
"name" : "28720",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28720"
},
{
"name" : "30155",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30155"
},
{
"name" : "30219",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30219"
},
{
"name" : "30106",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30106"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30219"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=384801",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=384801"
},
{
"name": "GLSA-200711-30",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "MDVSA-2008:030",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"name": "DSA-1570",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"name": "SUSE-SA:2008:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"name": "28658",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28658"
},
{
"name": "27773",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27773"
},
{
"name": "28406",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28406"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"
},
{
"name": "RHSA-2007:1068",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1068.html"
},
{
"name": "GLSA-200805-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "oval:org.mitre.oval:def:10911",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10911"
},
{
"name": "RHSA-2007:1059",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1059.html"
},
{
"name": "26550",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26550"
},
{
"name": "28041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28041"
},
{
"name": "27741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27741"
},
{
"name": "SUSE-SA:2007:062",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"name": "http://www.pcre.org/changelog.txt",
"refsource": "CONFIRM",
"url": "http://www.pcre.org/changelog.txt"
},
{
"name": "30155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30155"
},
{
"name": "28720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=198976",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "GLSA-200801-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "28414",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28414"
},
{
"name": "30106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28714"
}
]
}
}

150
2010/2xxx/CVE-2010-2028.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2028",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in k23productions TFTPUtil GUI (aka TFTPGUI) 1.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long transport mode."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12482",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12482"
},
{
"name" : "12530",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12530"
},
{
"name" : "39872",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39872"
},
{
"name" : "tftpgui-mode-bo(58283)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58283"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in k23productions TFTPUtil GUI (aka TFTPGUI) 1.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long transport mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39872",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39872"
},
{
"name": "12482",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12482"
},
{
"name": "tftpgui-mode-bo(58283)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58283"
},
{
"name": "12530",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12530"
}
]
}
}

150
2010/2xxx/CVE-2010-2298.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2298",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=43304",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=43304"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html"
},
{
"name" : "oval:org.mitre.oval:def:14154",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14154"
},
{
"name" : "40072",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40072"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40072",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40072"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=43304",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=43304"
},
{
"name": "oval:org.mitre.oval:def:14154",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14154"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html"
}
]
}
}

210
2010/2xxx/CVE-2010-2537.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2537",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100721 CVE request: kernel: btrfs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/07/21/4"
},
{
"name" : "[oss-security] 20100721 Re: CVE request: kernel: btrfs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/07/21/10"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ebc3464781ad24474abcbd2274e6254689853b5",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ebc3464781ad24474abcbd2274e6254689853b5"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=616998",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=616998"
},
{
"name" : "SUSE-SA:2010:040",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
},
{
"name" : "USN-1041-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1041-1"
},
{
"name" : "41847",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41847"
},
{
"name" : "42758",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42758"
},
{
"name" : "ADV-2011-0070",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0070"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1041-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1041-1"
},
{
"name": "[oss-security] 20100721 Re: CVE request: kernel: btrfs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/07/21/10"
},
{
"name": "SUSE-SA:2010:040",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
},
{
"name": "42758",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42758"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=616998",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=616998"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ebc3464781ad24474abcbd2274e6254689853b5",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ebc3464781ad24474abcbd2274e6254689853b5"
},
{
"name": "ADV-2011-0070",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0070"
},
{
"name": "[oss-security] 20100721 CVE request: kernel: btrfs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/07/21/4"
},
{
"name": "41847",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41847"
}
]
}
}

250
2010/2xxx/CVE-2010-2766.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2766",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-176/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-176/"
},
{
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-57.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-57.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=580445",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=580445"
},
{
"name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox",
"refsource" : "CONFIRM",
"url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100112690",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100112690"
},
{
"name" : "DSA-2106",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2106"
},
{
"name" : "FEDORA-2010-14362",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html"
},
{
"name" : "MDVSA-2010:173",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173"
},
{
"name" : "SUSE-SA:2010:049",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html"
},
{
"name" : "43100",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43100"
},
{
"name" : "oval:org.mitre.oval:def:11778",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11778"
},
{
"name" : "42867",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42867"
},
{
"name" : "ADV-2010-2323",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2323"
},
{
"name" : "ADV-2011-0061",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0061"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-176/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-176/"
},
{
"name": "SUSE-SA:2010:049",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=580445",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=580445"
},
{
"name": "43100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43100"
},
{
"name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox",
"refsource": "CONFIRM",
"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"
},
{
"name": "FEDORA-2010-14362",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html"
},
{
"name": "http://support.avaya.com/css/P8/documents/100112690",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100112690"
},
{
"name": "42867",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42867"
},
{
"name": "ADV-2011-0061",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0061"
},
{
"name": "oval:org.mitre.oval:def:11778",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11778"
},
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-57.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-57.html"
},
{
"name": "MDVSA-2010:173",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173"
},
{
"name": "ADV-2010-2323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2323"
},
{
"name": "DSA-2106",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2106"
}
]
}
}

240
2010/2xxx/CVE-2010-2769.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2769",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-62.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-62.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=520189",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=520189"
},
{
"name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox",
"refsource" : "CONFIRM",
"url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100112690",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100112690"
},
{
"name" : "DSA-2106",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2106"
},
{
"name" : "FEDORA-2010-14362",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html"
},
{
"name" : "MDVSA-2010:173",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173"
},
{
"name" : "SUSE-SA:2010:049",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html"
},
{
"name" : "43106",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43106"
},
{
"name" : "oval:org.mitre.oval:def:12192",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12192"
},
{
"name" : "42867",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42867"
},
{
"name" : "ADV-2010-2323",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2323"
},
{
"name" : "ADV-2011-0061",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0061"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-62.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-62.html"
},
{
"name": "SUSE-SA:2010:049",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html"
},
{
"name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox",
"refsource": "CONFIRM",
"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"
},
{
"name": "FEDORA-2010-14362",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html"
},
{
"name": "http://support.avaya.com/css/P8/documents/100112690",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100112690"
},
{
"name": "43106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43106"
},
{
"name": "42867",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42867"
},
{
"name": "ADV-2011-0061",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0061"
},
{
"name": "MDVSA-2010:173",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173"
},
{
"name": "oval:org.mitre.oval:def:12192",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12192"
},
{
"name": "ADV-2010-2323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2323"
},
{
"name": "DSA-2106",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2106"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=520189",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=520189"
}
]
}
}

150
2010/2xxx/CVE-2010-2886.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2886",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-23.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-23.html"
},
{
"name" : "1024611",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024611"
},
{
"name" : "41870",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41870"
},
{
"name" : "ADV-2010-2718",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2718"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2718",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2718"
},
{
"name": "41870",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41870"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-23.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-23.html"
},
{
"name": "1024611",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024611"
}
]
}
}

160
2010/3xxx/CVE-2010-3606.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3606",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allow remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) folder and (2) action parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels-team.blogspot.com/2010/09/netartmedia-real-estate-portal-v20-xss.html",
"refsource" : "MISC",
"url" : "http://pridels-team.blogspot.com/2010/09/netartmedia-real-estate-portal-v20-xss.html"
},
{
"name" : "43266",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43266"
},
{
"name" : "68062",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/68062"
},
{
"name" : "41377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41377"
},
{
"name" : "realestateportal-index-file-include(61867)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61867"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allow remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) folder and (2) action parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68062",
"refsource": "OSVDB",
"url": "http://osvdb.org/68062"
},
{
"name": "http://pridels-team.blogspot.com/2010/09/netartmedia-real-estate-portal-v20-xss.html",
"refsource": "MISC",
"url": "http://pridels-team.blogspot.com/2010/09/netartmedia-real-estate-portal-v20-xss.html"
},
{
"name": "43266",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43266"
},
{
"name": "41377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41377"
},
{
"name": "realestateportal-index-file-include(61867)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61867"
}
]
}
}

210
2010/3xxx/CVE-2010-3820.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3820",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-3820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4455",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4455"
},
{
"name" : "http://support.apple.com/kb/HT4456",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4456"
},
{
"name" : "APPLE-SA-2010-11-18-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name" : "APPLE-SA-2010-11-22-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "oval:org.mitre.oval:def:11972",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11972"
},
{
"name" : "42314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42314"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2010-3046",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3046"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "http://support.apple.com/kb/HT4455",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4455"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "ADV-2010-3046",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3046"
},
{
"name": "oval:org.mitre.oval:def:11972",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11972"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "APPLE-SA-2010-11-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}

270
2010/3xxx/CVE-2010-3971.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3971",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka \"CSS Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15708",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15708"
},
{
"name" : "15746",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15746"
},
{
"name" : "20101208 IE CSS parser dos bug",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2010/Dec/110"
},
{
"name" : "http://www.breakingpointsystems.com/community/blog/ie-vulnerability/",
"refsource" : "MISC",
"url" : "http://www.breakingpointsystems.com/community/blog/ie-vulnerability/"
},
{
"name" : "http://www.wooyun.org/bugs/wooyun-2010-0885",
"refsource" : "MISC",
"url" : "http://www.wooyun.org/bugs/wooyun-2010-0885"
},
{
"name" : "http://www.microsoft.com/technet/security/advisory/2488013.mspx",
"refsource" : "MISC",
"url" : "http://www.microsoft.com/technet/security/advisory/2488013.mspx"
},
{
"name" : "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx",
"refsource" : "MISC",
"url" : "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100127294",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100127294"
},
{
"name" : "MS11-003",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003"
},
{
"name" : "VU#634956",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/634956"
},
{
"name" : "45246",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45246"
},
{
"name" : "oval:org.mitre.oval:def:12382",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12382"
},
{
"name" : "1024922",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024922"
},
{
"name" : "42510",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42510"
},
{
"name" : "ADV-2010-3156",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3156"
},
{
"name" : "ADV-2011-0318",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0318"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka \"CSS Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#634956",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/634956"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/2488013.mspx",
"refsource": "MISC",
"url": "http://www.microsoft.com/technet/security/advisory/2488013.mspx"
},
{
"name": "15746",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15746"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
},
{
"name": "http://www.breakingpointsystems.com/community/blog/ie-vulnerability/",
"refsource": "MISC",
"url": "http://www.breakingpointsystems.com/community/blog/ie-vulnerability/"
},
{
"name": "http://support.avaya.com/css/P8/documents/100127294",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100127294"
},
{
"name": "ADV-2011-0318",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0318"
},
{
"name": "15708",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15708"
},
{
"name": "ADV-2010-3156",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3156"
},
{
"name": "MS11-003",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003"
},
{
"name": "1024922",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024922"
},
{
"name": "http://www.wooyun.org/bugs/wooyun-2010-0885",
"refsource": "MISC",
"url": "http://www.wooyun.org/bugs/wooyun-2010-0885"
},
{
"name": "20101208 IE CSS parser dos bug",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Dec/110"
},
{
"name": "45246",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45246"
},
{
"name": "oval:org.mitre.oval:def:12382",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12382"
},
{
"name": "42510",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42510"
}
]
}
}

170
2011/0xxx/CVE-2011-0039.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0039",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka \"LSASS Length Validation Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-014",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-014"
},
{
"name" : "46152",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46152"
},
{
"name" : "oval:org.mitre.oval:def:12537",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12537"
},
{
"name" : "1025049",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025049"
},
{
"name" : "43253",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43253"
},
{
"name" : "ADV-2011-0327",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0327"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka \"LSASS Length Validation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46152",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46152"
},
{
"name": "43253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43253"
},
{
"name": "ADV-2011-0327",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0327"
},
{
"name": "MS11-014",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-014"
},
{
"name": "1025049",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025049"
},
{
"name": "oval:org.mitre.oval:def:12537",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12537"
}
]
}
}

130
2011/0xxx/CVE-2011-0848.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0848",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Security Framework component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to User Model."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-0848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
},
{
"name" : "TA11-201A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Security Framework component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to User Model."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-201A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
}
]
}
}

220
2011/1xxx/CVE-2011-1229.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1229",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other \"Vulnerability Type 2\" CVEs listed in MS11-034, aka \"Win32k Null Pointer De-reference Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx",
"refsource" : "MISC",
"url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100133352",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100133352"
},
{
"name" : "MS11-034",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034"
},
{
"name" : "TA11-102A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name" : "47229",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47229"
},
{
"name" : "71735",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/71735"
},
{
"name" : "oval:org.mitre.oval:def:12503",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12503"
},
{
"name" : "1025345",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025345"
},
{
"name" : "44156",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44156"
},
{
"name" : "ADV-2011-0952",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0952"
},
{
"name" : "mswin-win32k-var17-priv-escalation(66411)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66411"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other \"Vulnerability Type 2\" CVEs listed in MS11-034, aka \"Win32k Null Pointer De-reference Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47229",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47229"
},
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "mswin-win32k-var17-priv-escalation(66411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66411"
},
{
"name": "MS11-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034"
},
{
"name": "ADV-2011-0952",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0952"
},
{
"name": "oval:org.mitre.oval:def:12503",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12503"
},
{
"name": "http://support.avaya.com/css/P8/documents/100133352",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100133352"
},
{
"name": "44156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44156"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx"
},
{
"name": "1025345",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025345"
},
{
"name": "71735",
"refsource": "OSVDB",
"url": "http://osvdb.org/71735"
}
]
}
}

130
2011/1xxx/CVE-2011-1822.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1822",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitive information by reading this log."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg24029663",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg24029663"
},
{
"name" : "IO11882",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1IO11882"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitive information by reading this log."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IO11882",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IO11882"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg24029663",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029663"
}
]
}
}

290
2011/1xxx/CVE-2011-1958.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1958",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110531 CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/05/31/20"
},
{
"name" : "[oss-security] 20110601 Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/06/01/1"
},
{
"name" : "[oss-security] 20110601 Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/06/01/11"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2011-07.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2011-07.html"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2011-08.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2011-08.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=710184",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=710184"
},
{
"name" : "DSA-2274",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2274"
},
{
"name" : "FEDORA-2011-7821",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061290.html"
},
{
"name" : "FEDORA-2011-7846",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061437.html"
},
{
"name" : "FEDORA-2011-7858",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061477.html"
},
{
"name" : "RHSA-2013:0125",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0125.html"
},
{
"name" : "48066",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48066"
},
{
"name" : "oval:org.mitre.oval:def:15045",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15045"
},
{
"name" : "44449",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44449"
},
{
"name" : "45149",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45149"
},
{
"name" : "44958",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44958"
},
{
"name" : "48947",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48947"
},
{
"name" : "wireshark-diameter-dos(67791)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67791"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44958",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44958"
},
{
"name": "FEDORA-2011-7846",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061437.html"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2011-07.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2011-07.html"
},
{
"name": "RHSA-2013:0125",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0125.html"
},
{
"name": "48947",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48947"
},
{
"name": "48066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48066"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2011-08.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2011-08.html"
},
{
"name": "wireshark-diameter-dos(67791)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67791"
},
{
"name": "DSA-2274",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2274"
},
{
"name": "44449",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44449"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=710184",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=710184"
},
{
"name": "[oss-security] 20110601 Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/06/01/11"
},
{
"name": "oval:org.mitre.oval:def:15045",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15045"
},
{
"name": "[oss-security] 20110601 Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/06/01/1"
},
{
"name": "FEDORA-2011-7821",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061290.html"
},
{
"name": "[oss-security] 20110531 CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/05/31/20"
},
{
"name": "FEDORA-2011-7858",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061477.html"
},
{
"name": "45149",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45149"
}
]
}
}

160
2011/5xxx/CVE-2011-5047.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5047",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pfSense before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the style parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.pfsense.org/?p=633",
"refsource" : "MISC",
"url" : "http://blog.pfsense.org/?p=633"
},
{
"name" : "51169",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51169"
},
{
"name" : "77981",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/77981"
},
{
"name" : "46780",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46780"
},
{
"name" : "pfsense-style-xss(72090)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72090"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pfSense before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the style parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51169"
},
{
"name": "77981",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77981"
},
{
"name": "pfsense-style-xss(72090)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72090"
},
{
"name": "http://blog.pfsense.org/?p=633",
"refsource": "MISC",
"url": "http://blog.pfsense.org/?p=633"
},
{
"name": "46780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46780"
}
]
}
}

34
2014/3xxx/CVE-2014-3142.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3142",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3142",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2014/3xxx/CVE-2014-3182.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3182",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-3182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140911 Multiple Linux USB driver CVE assignment",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/09/11/21"
},
{
"name" : "https://code.google.com/p/google-security-research/issues/detail?id=89",
"refsource" : "MISC",
"url" : "https://code.google.com/p/google-security-research/issues/detail?id=89"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad3e14d7c5268c2e24477c6ef54bbdf88add5d36",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad3e14d7c5268c2e24477c6ef54bbdf88add5d36"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1141210",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1141210"
},
{
"name" : "https://github.com/torvalds/linux/commit/ad3e14d7c5268c2e24477c6ef54bbdf88add5d36",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/ad3e14d7c5268c2e24477c6ef54bbdf88add5d36"
},
{
"name" : "RHSA-2014:1318",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1318.html"
},
{
"name" : "69770",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69770"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1318",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1318.html"
},
{
"name": "https://github.com/torvalds/linux/commit/ad3e14d7c5268c2e24477c6ef54bbdf88add5d36",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/ad3e14d7c5268c2e24477c6ef54bbdf88add5d36"
},
{
"name": "69770",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69770"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad3e14d7c5268c2e24477c6ef54bbdf88add5d36",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad3e14d7c5268c2e24477c6ef54bbdf88add5d36"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2"
},
{
"name": "[oss-security] 20140911 Multiple Linux USB driver CVE assignment",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/11/21"
},
{
"name": "https://code.google.com/p/google-security-research/issues/detail?id=89",
"refsource": "MISC",
"url": "https://code.google.com/p/google-security-research/issues/detail?id=89"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1141210",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141210"
}
]
}
}

250
2014/3xxx/CVE-2014-3490.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3490",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0818."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ronsigal/Resteasy/commit/9b7d0f574cafdcf3bea5428f3145ab4908fc6d83",
"refsource" : "MISC",
"url" : "https://github.com/ronsigal/Resteasy/commit/9b7d0f574cafdcf3bea5428f3145ab4908fc6d83"
},
{
"name" : "https://github.com/resteasy/Resteasy/pull/521",
"refsource" : "CONFIRM",
"url" : "https://github.com/resteasy/Resteasy/pull/521"
},
{
"name" : "https://github.com/resteasy/Resteasy/pull/533",
"refsource" : "CONFIRM",
"url" : "https://github.com/resteasy/Resteasy/pull/533"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "RHSA-2014:1011",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1011.html"
},
{
"name" : "RHSA-2014:1039",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1039.html"
},
{
"name" : "RHSA-2014:1040",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1040.html"
},
{
"name" : "RHSA-2014:1298",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1298.html"
},
{
"name" : "RHSA-2015:0125",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0125.html"
},
{
"name" : "RHSA-2015:0675",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name" : "RHSA-2015:0720",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"name" : "RHSA-2015:0765",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"name" : "69058",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69058"
},
{
"name" : "60019",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60019"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0818."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ronsigal/Resteasy/commit/9b7d0f574cafdcf3bea5428f3145ab4908fc6d83",
"refsource": "MISC",
"url": "https://github.com/ronsigal/Resteasy/commit/9b7d0f574cafdcf3bea5428f3145ab4908fc6d83"
},
{
"name": "RHSA-2015:0765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"name": "RHSA-2015:0675",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name": "60019",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60019"
},
{
"name": "RHSA-2015:0720",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"name": "https://github.com/resteasy/Resteasy/pull/521",
"refsource": "CONFIRM",
"url": "https://github.com/resteasy/Resteasy/pull/521"
},
{
"name": "https://github.com/resteasy/Resteasy/pull/533",
"refsource": "CONFIRM",
"url": "https://github.com/resteasy/Resteasy/pull/533"
},
{
"name": "RHSA-2014:1039",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1039.html"
},
{
"name": "69058",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69058"
},
{
"name": "RHSA-2015:0125",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0125.html"
},
{
"name": "RHSA-2014:1040",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1040.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "RHSA-2014:1011",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1011.html"
},
{
"name": "RHSA-2014:1298",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1298.html"
}
]
}
}

160
2014/3xxx/CVE-2014-3604.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3604",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1131803",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1131803"
},
{
"name" : "https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3604.yaml",
"refsource" : "MISC",
"url" : "https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3604.yaml"
},
{
"name" : "http://juliusdavies.ca/svn/viewvc.cgi/not-yet-commons-ssl?view=rev&revision=172",
"refsource" : "CONFIRM",
"url" : "http://juliusdavies.ca/svn/viewvc.cgi/not-yet-commons-ssl?view=rev&revision=172"
},
{
"name" : "RHSA-2015:1888",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1888.html"
},
{
"name" : "notyetcommons-cve20143604-sec-bypass(97659)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97659"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://juliusdavies.ca/svn/viewvc.cgi/not-yet-commons-ssl?view=rev&revision=172",
"refsource": "CONFIRM",
"url": "http://juliusdavies.ca/svn/viewvc.cgi/not-yet-commons-ssl?view=rev&revision=172"
},
{
"name": "notyetcommons-cve20143604-sec-bypass(97659)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97659"
},
{
"name": "RHSA-2015:1888",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1131803",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131803"
},
{
"name": "https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3604.yaml",
"refsource": "MISC",
"url": "https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3604.yaml"
}
]
}
}

140
2014/6xxx/CVE-2014-6020.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6020",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Fuel Rewards Network (aka com.excentus.frn) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#202601",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/202601"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Fuel Rewards Network (aka com.excentus.frn) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#202601",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/202601"
}
]
}
}

140
2014/6xxx/CVE-2014-6943.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6943",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Konigsleiten (aka com.knigsleiten) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#383441",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/383441"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Konigsleiten (aka com.knigsleiten) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#383441",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/383441"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

1760
2014/7xxx/CVE-2014-7169.json
View File

File diff suppressed because it is too large Load Diff

170
2014/7xxx/CVE-2014-7207.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7207",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A certain Debian patch to the IPv6 implementation in the Linux kernel 3.2.x through 3.2.63 does not properly validate arguments in ipv6_select_ident function calls, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging (1) tun or (2) macvtap device access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-7207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141102 CVE-2014-7207 assignment: Debian-specific Linux 3.2 backport issue",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/11/02/1"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766195",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766195"
},
{
"name" : "DSA-3060",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3060"
},
{
"name" : "USN-2417-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2417-1"
},
{
"name" : "USN-2418-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2418-1"
},
{
"name" : "70867",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70867"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain Debian patch to the IPv6 implementation in the Linux kernel 3.2.x through 3.2.63 does not properly validate arguments in ipv6_select_ident function calls, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging (1) tun or (2) macvtap device access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2418-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2418-1"
},
{
"name": "USN-2417-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2417-1"
},
{
"name": "DSA-3060",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3060"
},
{
"name": "[oss-security] 20141102 CVE-2014-7207 assignment: Debian-specific Linux 3.2 backport issue",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/02/1"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766195",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766195"
},
{
"name": "70867",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70867"
}
]
}
}

34
2014/7xxx/CVE-2014-7311.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7311",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7311",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

180
2014/7xxx/CVE-2014-7843.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7843",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-7843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141113 CVE-2014-7843 Linux kernel: aarch64: copying from /dev/zero causes local DoS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/11/13/5"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=97fc15436b36ee3956efad83e22a557991f7d19d",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=97fc15436b36ee3956efad83e22a557991f7d19d"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1163744",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1163744"
},
{
"name" : "https://github.com/torvalds/linux/commit/97fc15436b36ee3956efad83e22a557991f7d19d",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/97fc15436b36ee3956efad83e22a557991f7d19d"
},
{
"name" : "71082",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71082"
},
{
"name" : "62305",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62305"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20141113 CVE-2014-7843 Linux kernel: aarch64: copying from /dev/zero causes local DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/13/5"
},
{
"name": "https://github.com/torvalds/linux/commit/97fc15436b36ee3956efad83e22a557991f7d19d",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/97fc15436b36ee3956efad83e22a557991f7d19d"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=97fc15436b36ee3956efad83e22a557991f7d19d",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=97fc15436b36ee3956efad83e22a557991f7d19d"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1163744",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163744"
},
{
"name": "71082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71082"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4"
},
{
"name": "62305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62305"
}
]
}
}

130
2014/7xxx/CVE-2014-7920.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7920",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-7920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/36d1577%5E!/",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/36d1577%5E!/"
},
{
"name" : "https://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html",
"refsource" : "CONFIRM",
"url" : "https://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html",
"refsource": "CONFIRM",
"url": "https://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/36d1577%5E!/",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/36d1577%5E!/"
}
]
}
}

170
2014/8xxx/CVE-2014-8000.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8000",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-8000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36467",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36467"
},
{
"name" : "20141119 Cisco Unified Communications Manager IM and Presence Service Enumeration Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8000"
},
{
"name" : "71173",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71173"
},
{
"name" : "1031240",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031240"
},
{
"name" : "62558",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62558"
},
{
"name" : "cisco-ucm-cve20148000-info-disc(98786)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98786"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36467",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36467"
},
{
"name": "20141119 Cisco Unified Communications Manager IM and Presence Service Enumeration Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8000"
},
{
"name": "62558",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62558"
},
{
"name": "71173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71173"
},
{
"name": "1031240",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031240"
},
{
"name": "cisco-ucm-cve20148000-info-disc(98786)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98786"
}
]
}
}

120
2016/2xxx/CVE-2016-2282.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2282",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-063-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-063-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-063-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-063-01"
}
]
}
}

120
2016/2xxx/CVE-2016-2311.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2311",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-03",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-03"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-03"
}
]
}
}

220
2016/2xxx/CVE-2016-2342.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2342",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442"
},
{
"name" : "http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt",
"refsource" : "CONFIRM",
"url" : "http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "DSA-3532",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3532"
},
{
"name" : "GLSA-201610-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201610-03"
},
{
"name" : "RHSA-2017:0794",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0794.html"
},
{
"name" : "openSUSE-SU-2016:0888",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00117.html"
},
{
"name" : "openSUSE-SU-2016:0863",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html"
},
{
"name" : "USN-2941-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2941-1"
},
{
"name" : "VU#270232",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/270232"
},
{
"name" : "84318",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84318"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "84318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84318"
},
{
"name": "RHSA-2017:0794",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html"
},
{
"name": "openSUSE-SU-2016:0863",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html"
},
{
"name": "DSA-3532",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3532"
},
{
"name": "VU#270232",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/270232"
},
{
"name": "http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442"
},
{
"name": "GLSA-201610-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-03"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2016:0888",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00117.html"
},
{
"name": "http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt",
"refsource": "CONFIRM",
"url": "http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt"
},
{
"name": "USN-2941-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2941-1"
}
]
}
}

120
2016/2xxx/CVE-2016-2498.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2498",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-2498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-06-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-06-01.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-06-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-06-01.html"
}
]
}
}

34
2016/2xxx/CVE-2016-2615.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2615",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2615",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/6xxx/CVE-2016-6697.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6697",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6697",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2017/18xxx/CVE-2017-18177.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18177",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.html"
},
{
"name" : "https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html",
"refsource": "MISC",
"url": "https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html"
},
{
"name": "https://packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.html"
}
]
}
}

34
2017/1xxx/CVE-2017-1463.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1463",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1463",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/1xxx/CVE-2017-1776.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1776",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1776",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/5xxx/CVE-2017-5282.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5282",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5282",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/5xxx/CVE-2017-5366.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5366",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5366",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

182
2017/5xxx/CVE-2017-5707.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2017-11-20T00:00:00",
"ID" : "CVE-2017-5707",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trusted Execution Engine",
"version" : {
"version_data" : [
{
"version_value" : "3.0"
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2017-11-20T00:00:00",
"ID": "CVE-2017-5707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trusted Execution Engine",
"version": {
"version_data": [
{
"version_value": "3.0"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://twitter.com/PTsecurity_UK/status/938447926128291842",
"refsource" : "MISC",
"url" : "https://twitter.com/PTsecurity_UK/status/938447926128291842"
},
{
"name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr",
"refsource" : "CONFIRM",
"url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20171120-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20171120-0001/"
},
{
"name" : "https://www.asus.com/News/wzeltG5CjYaIwGJ0",
"refsource" : "CONFIRM",
"url" : "https://www.asus.com/News/wzeltG5CjYaIwGJ0"
},
{
"name" : "https://www.synology.com/support/security/Synology_SA_17_73",
"refsource" : "CONFIRM",
"url" : "https://www.synology.com/support/security/Synology_SA_17_73"
},
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf"
},
{
"name" : "101919",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101919"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20171120-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171120-0001/"
},
{
"name": "https://twitter.com/PTsecurity_UK/status/938447926128291842",
"refsource": "MISC",
"url": "https://twitter.com/PTsecurity_UK/status/938447926128291842"
},
{
"name": "101919",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101919"
},
{
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_17_73",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_17_73"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf"
},
{
"name": "https://www.asus.com/News/wzeltG5CjYaIwGJ0",
"refsource": "CONFIRM",
"url": "https://www.asus.com/News/wzeltG5CjYaIwGJ0"
}
]
}
}

34
2017/5xxx/CVE-2017-5958.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5958",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5958",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}