admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:15:16 +00:00
parent 0f4fcfd4de
commit faec3d0e0b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 4369 additions and 4369 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2006/0xxx/CVE-2006-0230.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0230",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060421 [Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431734/100/0/threaded"
},
{
"name" : "20060421 Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431724/100/0/threaded"
},
{
"name" : "20060421 Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0010.html"
},
{
"name" : "http://www.symantec.com/avcenter/security/Content/2006.04.21.html",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/avcenter/security/Content/2006.04.21.html"
},
{
"name" : "VU#118388",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/118388"
},
{
"name" : "17637",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17637"
},
{
"name" : "ADV-2006-1464",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1464"
},
{
"name" : "19734",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19734"
},
{
"name" : "sse-unauth-admin-access(25972)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25972"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17637",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17637"
},
{
"name": "19734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19734"
},
{
"name": "20060421 Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431724/100/0/threaded"
},
{
"name": "20060421 [Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431734/100/0/threaded"
},
{
"name": "20060421 Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0010.html"
},
{
"name": "VU#118388",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/118388"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2006.04.21.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2006.04.21.html"
},
{
"name": "sse-unauth-admin-access(25972)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25972"
},
{
"name": "ADV-2006-1464",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1464"
}
]
}
}

200
2006/0xxx/CVE-2006-0470.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0470",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060125 MyBB 1.0.2 XSS attack in search.php redirection",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/lists/bugtraq/2006/Jan/0414.html"
},
{
"name" : "http://community.mybboard.net/showthread.php?tid=6418",
"refsource" : "CONFIRM",
"url" : "http://community.mybboard.net/showthread.php?tid=6418"
},
{
"name" : "http://community.mybboard.net/attachment.php?aid=2181",
"refsource" : "CONFIRM",
"url" : "http://community.mybboard.net/attachment.php?aid=2181"
},
{
"name" : "16387",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16387"
},
{
"name" : "ADV-2006-0350",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0350"
},
{
"name" : "22750",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22750"
},
{
"name" : "18617",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18617"
},
{
"name" : "374",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/374"
},
{
"name" : "mybb-search-xss(24466)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24466"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://community.mybboard.net/attachment.php?aid=2181",
"refsource": "CONFIRM",
"url": "http://community.mybboard.net/attachment.php?aid=2181"
},
{
"name": "mybb-search-xss(24466)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24466"
},
{
"name": "20060125 MyBB 1.0.2 XSS attack in search.php redirection",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/lists/bugtraq/2006/Jan/0414.html"
},
{
"name": "16387",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16387"
},
{
"name": "http://community.mybboard.net/showthread.php?tid=6418",
"refsource": "CONFIRM",
"url": "http://community.mybboard.net/showthread.php?tid=6418"
},
{
"name": "ADV-2006-0350",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0350"
},
{
"name": "18617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18617"
},
{
"name": "374",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/374"
},
{
"name": "22750",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22750"
}
]
}
}

170
2006/0xxx/CVE-2006-0781.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0781",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to read certain files via the month parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060227 [eVuln] PerlBlog Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426260/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/81/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/81/summary.html"
},
{
"name" : "16707",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16707"
},
{
"name" : "18924",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18924"
},
{
"name" : "508",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/508"
},
{
"name" : "perlblog-weblog-directory-traversal(24690)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24690"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to read certain files via the month parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "perlblog-weblog-directory-traversal(24690)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24690"
},
{
"name": "20060227 [eVuln] PerlBlog Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426260/100/0/threaded"
},
{
"name": "http://evuln.com/vulns/81/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/81/summary.html"
},
{
"name": "508",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/508"
},
{
"name": "18924",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18924"
},
{
"name": "16707",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16707"
}
]
}
}

170
2006/0xxx/CVE-2006-0906.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0906",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to execute arbitrary SQL commands via the catid parameter in (1) fastlinks.php and (2) catogary.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060226 2 SQL Injection in d3jeeb",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426197/100/0/threaded"
},
{
"name" : "16853",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16853"
},
{
"name" : "ADV-2006-0757",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0757"
},
{
"name" : "1015687",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015687"
},
{
"name" : "19062",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19062"
},
{
"name" : "d3jeeb-catid-sql-injection(24941)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24941"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to execute arbitrary SQL commands via the catid parameter in (1) fastlinks.php and (2) catogary.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015687",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015687"
},
{
"name": "d3jeeb-catid-sql-injection(24941)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24941"
},
{
"name": "20060226 2 SQL Injection in d3jeeb",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426197/100/0/threaded"
},
{
"name": "19062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19062"
},
{
"name": "16853",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16853"
},
{
"name": "ADV-2006-0757",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0757"
}
]
}
}

160
2006/1xxx/CVE-2006-1266.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1266",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Service_Requests.asp in VPMi Enterprise 3.3 allows remote attackers to inject arbitrary web script or HTML via the Request_Name_Display parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060314 vendor dispute: VCS",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2006-March/000605.html"
},
{
"name" : "17172",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17172"
},
{
"name" : "23916",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23916"
},
{
"name" : "19297",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19297"
},
{
"name" : "vpmi-servicerequests-xss(25339)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25339"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Service_Requests.asp in VPMi Enterprise 3.3 allows remote attackers to inject arbitrary web script or HTML via the Request_Name_Display parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060314 vendor dispute: VCS",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-March/000605.html"
},
{
"name": "23916",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23916"
},
{
"name": "17172",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17172"
},
{
"name": "vpmi-servicerequests-xss(25339)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25339"
},
{
"name": "19297",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19297"
}
]
}
}

200
2006/1xxx/CVE-2006-1888.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1888",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060417 - PHPGraphy <= 0.9.11 \"editwelcome\" unauthorized access / cross site scripting -",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431128/100/0/threaded"
},
{
"name" : "20060418 Re: - PHPGraphy <= 0.9.11 \"editwelcome\" unauthorized access / cross site scripting -",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431268/100/0/threaded"
},
{
"name" : "http://retrogod.altervista.org/phpgraphy_0911_adv.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/phpgraphy_0911_adv.html"
},
{
"name" : "17567",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17567"
},
{
"name" : "ADV-2006-1379",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1379"
},
{
"name" : "1015971",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015971"
},
{
"name" : "19705",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19705"
},
{
"name" : "733",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/733"
},
{
"name" : "phpgraphy-index-xss(25892)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25892"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "733",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/733"
},
{
"name": "1015971",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015971"
},
{
"name": "17567",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17567"
},
{
"name": "20060418 Re: - PHPGraphy <= 0.9.11 \"editwelcome\" unauthorized access / cross site scripting -",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431268/100/0/threaded"
},
{
"name": "20060417 - PHPGraphy <= 0.9.11 \"editwelcome\" unauthorized access / cross site scripting -",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431128/100/0/threaded"
},
{
"name": "phpgraphy-index-xss(25892)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25892"
},
{
"name": "ADV-2006-1379",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1379"
},
{
"name": "http://retrogod.altervista.org/phpgraphy_0911_adv.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/phpgraphy_0911_adv.html"
},
{
"name": "19705",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19705"
}
]
}
}

140
2006/1xxx/CVE-2006-1966.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1966",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An unspecified Fortinet product, possibly Fortinet28, allows remote attackers to cause a denial of service via a \"small synflood\" to the SMTP port (TCP port 25), as demonstrated by a 10-microsecond wait between sending packets. NOTE: this issue has been disputed in followup posts that suggest that a protection feature is triggering a RST."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060416 Fortinet28 box does not resist has small synflood!",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431404/100/0/threaded"
},
{
"name" : "20060418 Re: Fortinet28 box does not resist has small synflood!",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0449.html"
},
{
"name" : "20060418 Re: Fortinet28 box does not resist has small synflood!",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0472.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unspecified Fortinet product, possibly Fortinet28, allows remote attackers to cause a denial of service via a \"small synflood\" to the SMTP port (TCP port 25), as demonstrated by a 10-microsecond wait between sending packets. NOTE: this issue has been disputed in followup posts that suggest that a protection feature is triggering a RST."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060416 Fortinet28 box does not resist has small synflood!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431404/100/0/threaded"
},
{
"name": "20060418 Re: Fortinet28 box does not resist has small synflood!",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0449.html"
},
{
"name": "20060418 Re: Fortinet28 box does not resist has small synflood!",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0472.html"
}
]
}
}

270
2006/1xxx/CVE-2006-1983.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1983",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKit. NOTE: the BMP vector has been re-assigned to CVE-2006-2238 because it affects a separate product family."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.security-protocols.com/sp-x28-advisory.php",
"refsource" : "MISC",
"url" : "http://www.security-protocols.com/sp-x28-advisory.php"
},
{
"name" : "http://www.security-protocols.com/sp-x30-advisory.php",
"refsource" : "MISC",
"url" : "http://www.security-protocols.com/sp-x30-advisory.php"
},
{
"name" : "http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233",
"refsource" : "MISC",
"url" : "http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233"
},
{
"name" : "APPLE-SA-2006-05-11",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name" : "TA06-132A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name" : "17634",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17634"
},
{
"name" : "17951",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17951"
},
{
"name" : "ADV-2006-1452",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1452"
},
{
"name" : "ADV-2006-1779",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name" : "24821",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24821"
},
{
"name" : "24822",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24822"
},
{
"name" : "1016067",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016067"
},
{
"name" : "19686",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19686"
},
{
"name" : "20077",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20077"
},
{
"name" : "macosx-cfallocatorallocate-bo(25949)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25949"
},
{
"name" : "macosx-predictorvsetfield-bo(25951)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25951"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKit. NOTE: the BMP vector has been re-assigned to CVE-2006-2238 because it affects a separate product family."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17951",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17951"
},
{
"name": "ADV-2006-1779",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name": "TA06-132A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name": "http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233",
"refsource": "MISC",
"url": "http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233"
},
{
"name": "1016067",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016067"
},
{
"name": "24821",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24821"
},
{
"name": "macosx-cfallocatorallocate-bo(25949)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25949"
},
{
"name": "APPLE-SA-2006-05-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name": "macosx-predictorvsetfield-bo(25951)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25951"
},
{
"name": "ADV-2006-1452",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1452"
},
{
"name": "17634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17634"
},
{
"name": "24822",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24822"
},
{
"name": "20077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20077"
},
{
"name": "http://www.security-protocols.com/sp-x28-advisory.php",
"refsource": "MISC",
"url": "http://www.security-protocols.com/sp-x28-advisory.php"
},
{
"name": "19686",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19686"
},
{
"name": "http://www.security-protocols.com/sp-x30-advisory.php",
"refsource": "MISC",
"url": "http://www.security-protocols.com/sp-x30-advisory.php"
}
]
}
}

180
2006/5xxx/CVE-2006-5221.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5221",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) matiere_ID parameter in lire.php or the (2) classe_ID parameter in lire_a_faire.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061007 Cahier de textes 2.0 Remote SQL injection Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447933/100/0/threaded"
},
{
"name" : "2485",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2485"
},
{
"name" : "20389",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20389"
},
{
"name" : "ADV-2006-3949",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3949"
},
{
"name" : "22319",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22319"
},
{
"name" : "1701",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1701"
},
{
"name" : "cahierdetexte-lire-sql-injection(29388)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29388"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) matiere_ID parameter in lire.php or the (2) classe_ID parameter in lire_a_faire.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1701",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1701"
},
{
"name": "20389",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20389"
},
{
"name": "2485",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2485"
},
{
"name": "ADV-2006-3949",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3949"
},
{
"name": "20061007 Cahier de textes 2.0 Remote SQL injection Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447933/100/0/threaded"
},
{
"name": "cahierdetexte-lire-sql-injection(29388)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29388"
},
{
"name": "22319",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22319"
}
]
}
}

220
2006/5xxx/CVE-2006-5345.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5345",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB22. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB22 is related to \"length checking\" in the RELATE function before MD2.RELATE is called."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061018 Analysis of the Oracle October 2006 Critical Patch Update",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449110/100/0/threaded"
},
{
"name" : "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf",
"refsource" : "MISC",
"url" : "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name" : "TA06-291A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html"
},
{
"name" : "20588",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20588"
},
{
"name" : "ADV-2006-4065",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4065"
},
{
"name" : "1017077",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017077"
},
{
"name" : "22396",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22396"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB22. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB22 is related to \"length checking\" in the RELATE function before MD2.RELATE is called."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"
},
{
"name": "20588",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20588"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html"
},
{
"name": "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf",
"refsource": "MISC",
"url": "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf"
},
{
"name": "20061018 Analysis of the Oracle October 2006 Critical Patch Update",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449110/100/0/threaded"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name": "ADV-2006-4065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4065"
},
{
"name": "22396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22396"
},
{
"name": "1017077",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017077"
},
{
"name": "TA06-291A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html"
}
]
}
}

140
2006/5xxx/CVE-2006-5401.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5401",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in template/barnraiser_01/p_new_password.tpl.php in AROUNDMe 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2562",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2562"
},
{
"name" : "20553",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20553"
},
{
"name" : "aroundme-pnewpasswordtpl-file-include(29555)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29555"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in template/barnraiser_01/p_new_password.tpl.php in AROUNDMe 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2562",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2562"
},
{
"name": "20553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20553"
},
{
"name": "aroundme-pnewpasswordtpl-file-include(29555)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29555"
}
]
}
}

170
2007/2xxx/CVE-2007-2038.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2038",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
},
{
"name" : "23461",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23461"
},
{
"name" : "ADV-2007-1368",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1368"
},
{
"name" : "34136",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/34136"
},
{
"name" : "1017908",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017908"
},
{
"name" : "cisco-wlc-npu-traffic-dos(33609)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1368",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1368"
},
{
"name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
},
{
"name": "1017908",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017908"
},
{
"name": "cisco-wlc-npu-traffic-dos(33609)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33609"
},
{
"name": "34136",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34136"
},
{
"name": "23461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23461"
}
]
}
}

130
2010/0xxx/CVE-2010-0002.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0002",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://qa.mandriva.com/show_bug.cgi?id=56882",
"refsource" : "CONFIRM",
"url" : "https://qa.mandriva.com/show_bug.cgi?id=56882"
},
{
"name" : "MDVSA-2010:004",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:004"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2010:004",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:004"
},
{
"name": "https://qa.mandriva.com/show_bug.cgi?id=56882",
"refsource": "CONFIRM",
"url": "https://qa.mandriva.com/show_bug.cgi?id=56882"
}
]
}
}

150
2010/0xxx/CVE-2010-0103.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0103",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2010-0103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.marketwatch.com/story/energizer-announces-duo-charger-and-usb-charger-software-problem-2010-03-05",
"refsource" : "MISC",
"url" : "http://www.marketwatch.com/story/energizer-announces-duo-charger-and-usb-charger-software-problem-2010-03-05"
},
{
"name" : "http://www.symantec.com/connect/blogs/trojan-found-usb-battery-charger-software",
"refsource" : "MISC",
"url" : "http://www.symantec.com/connect/blogs/trojan-found-usb-battery-charger-software"
},
{
"name" : "VU#154421",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/154421"
},
{
"name" : "38571",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38571"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/connect/blogs/trojan-found-usb-battery-charger-software",
"refsource": "MISC",
"url": "http://www.symantec.com/connect/blogs/trojan-found-usb-battery-charger-software"
},
{
"name": "38571",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38571"
},
{
"name": "VU#154421",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/154421"
},
{
"name": "http://www.marketwatch.com/story/energizer-announces-duo-charger-and-usb-charger-software-problem-2010-03-05",
"refsource": "MISC",
"url": "http://www.marketwatch.com/story/energizer-announces-duo-charger-and-usb-charger-software-problem-2010-03-05"
}
]
}
}

190
2010/0xxx/CVE-2010-0317.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0317",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent (Build 163 MP) 3.27 or (2) the AFP functionality in AFPTCP.nlm Build 163 SP 3.27. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100105 {PRL} Novell Netware CIFS And AFP Remote Memory Consumption DoS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/508731/100/0/threaded"
},
{
"name" : "http://protekresearch.blogspot.com/2010/01/prl-cifsnlm-memory-consumption-denial.html",
"refsource" : "MISC",
"url" : "http://protekresearch.blogspot.com/2010/01/prl-cifsnlm-memory-consumption-denial.html"
},
{
"name" : "11009",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11009"
},
{
"name" : "37616",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37616"
},
{
"name" : "1023400",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023400"
},
{
"name" : "38114",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38114"
},
{
"name" : "ADV-2010-0041",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0041"
},
{
"name" : "netware-afptcp-dos(55389)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55389"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent (Build 163 MP) 3.27 or (2) the AFP functionality in AFPTCP.nlm Build 163 SP 3.27. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-0041",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0041"
},
{
"name": "1023400",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023400"
},
{
"name": "http://protekresearch.blogspot.com/2010/01/prl-cifsnlm-memory-consumption-denial.html",
"refsource": "MISC",
"url": "http://protekresearch.blogspot.com/2010/01/prl-cifsnlm-memory-consumption-denial.html"
},
{
"name": "37616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37616"
},
{
"name": "netware-afptcp-dos(55389)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55389"
},
{
"name": "11009",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11009"
},
{
"name": "38114",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38114"
},
{
"name": "20100105 {PRL} Novell Netware CIFS And AFP Remote Memory Consumption DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508731/100/0/threaded"
}
]
}
}

130
2010/0xxx/CVE-2010-0525.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0525",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly encrypted e-mail message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-0525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4077",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4077"
},
{
"name" : "APPLE-SA-2010-03-29-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly encrypted e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
}
]
}
}

230
2010/0xxx/CVE-2010-0727.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0727",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-kernel] 20100311 [PATCH 3/3] GFS2: Skip check for mandatory locks when unlocking",
"refsource" : "MLIST",
"url" : "http://lkml.org/lkml/2010/3/11/269"
},
{
"name" : "[oss-security] 20100312 CVE-2010-0727 kernel: gfs/gfs2 locking code DoS flaw",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/03/12/1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=570863",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=570863"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.34-rc1-next-20100312.bz2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.34-rc1-next-20100312.bz2"
},
{
"name" : "DSA-2053",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2053"
},
{
"name" : "MDVSA-2010:066",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:066"
},
{
"name" : "RHSA-2010:0330",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0330.html"
},
{
"name" : "RHSA-2010:0380",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0380.html"
},
{
"name" : "RHSA-2010:0521",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0521.html"
},
{
"name" : "oval:org.mitre.oval:def:11392",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11392"
},
{
"name" : "1023809",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023809"
},
{
"name" : "39830",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39830"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0330",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0330.html"
},
{
"name": "[oss-security] 20100312 CVE-2010-0727 kernel: gfs/gfs2 locking code DoS flaw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/03/12/1"
},
{
"name": "RHSA-2010:0380",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0380.html"
},
{
"name": "[linux-kernel] 20100311 [PATCH 3/3] GFS2: Skip check for mandatory locks when unlocking",
"refsource": "MLIST",
"url": "http://lkml.org/lkml/2010/3/11/269"
},
{
"name": "oval:org.mitre.oval:def:11392",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11392"
},
{
"name": "1023809",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023809"
},
{
"name": "MDVSA-2010:066",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:066"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.34-rc1-next-20100312.bz2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.34-rc1-next-20100312.bz2"
},
{
"name": "DSA-2053",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2053"
},
{
"name": "RHSA-2010:0521",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0521.html"
},
{
"name": "39830",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39830"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=570863",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=570863"
}
]
}
}

34
2010/1xxx/CVE-2010-1220.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1220",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1220",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2010/1xxx/CVE-2010-1352.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1352",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1004-exploits/joomlajukebox-lfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1004-exploits/joomlajukebox-lfi.txt"
},
{
"name" : "12084",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12084"
},
{
"name" : "39248",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39248"
},
{
"name" : "39357",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39357"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39357"
},
{
"name": "39248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39248"
},
{
"name": "12084",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12084"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/joomlajukebox-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/joomlajukebox-lfi.txt"
}
]
}
}

150
2010/1xxx/CVE-2010-1525.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1525",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer underflow in the SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted size for an unspecified record type, which triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-1525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2010-49/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2010-49/"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21440812",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21440812"
},
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01"
},
{
"name" : "41928",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41928"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in the SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted size for an unspecified record type, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01"
},
{
"name": "41928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41928"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812"
},
{
"name": "http://secunia.com/secunia_research/2010-49/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-49/"
}
]
}
}

34
2010/3xxx/CVE-2010-3799.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3799",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3799",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

220
2010/3xxx/CVE-2010-3803.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3803",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-3803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4455",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4455"
},
{
"name" : "http://support.apple.com/kb/HT4456",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4456"
},
{
"name" : "APPLE-SA-2010-11-18-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name" : "APPLE-SA-2010-11-22-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "oval:org.mitre.oval:def:12130",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12130"
},
{
"name" : "42314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42314"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2010-3046",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3046"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name" : "safari-strings-code-execution(63346)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63346"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "http://support.apple.com/kb/HT4455",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4455"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "ADV-2010-3046",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3046"
},
{
"name": "safari-strings-code-execution(63346)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63346"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "APPLE-SA-2010-11-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "oval:org.mitre.oval:def:12130",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12130"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}

140
2010/4xxx/CVE-2010-4028.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4028",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP LoadRunner 9.1 and earlier allows remote attackers to cause a denial of service, and possibly obtain sensitive information or modify data, via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-4028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02533",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=128821242731749&w=2"
},
{
"name" : "SSRT080049",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=128821242731749&w=2"
},
{
"name" : "1024657",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024657"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP LoadRunner 9.1 and earlier allows remote attackers to cause a denial of service, and possibly obtain sensitive information or modify data, via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMA02533",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=128821242731749&w=2"
},
{
"name": "SSRT080049",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=128821242731749&w=2"
},
{
"name": "1024657",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024657"
}
]
}
}

170
2010/4xxx/CVE-2010-4034.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4034",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=48857",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=48857"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html"
},
{
"name" : "44241",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44241"
},
{
"name" : "oval:org.mitre.oval:def:6775",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6775"
},
{
"name" : "41888",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41888"
},
{
"name" : "ADV-2010-2731",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2731"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2731",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2731"
},
{
"name": "oval:org.mitre.oval:def:6775",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6775"
},
{
"name": "41888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41888"
},
{
"name": "44241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44241"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=48857",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=48857"
}
]
}
}

170
2010/4xxx/CVE-2010-4190.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4190",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted CSWV RIFF chunk that causes an incorrect calculation of an offset for a substructure, which causes an out-of-bounds \"seek\" of heap memory, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-4190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110209 ZDI-11-080: Adobe Shockwave CSWV Chunk Substructure Offset Value Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516324/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-080/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-080/"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
},
{
"name" : "46324",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46324"
},
{
"name" : "1025056",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025056"
},
{
"name" : "ADV-2011-0335",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0335"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted CSWV RIFF chunk that causes an incorrect calculation of an offset for a substructure, which causes an out-of-bounds \"seek\" of heap memory, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-080/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-080/"
},
{
"name": "ADV-2011-0335",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0335"
},
{
"name": "20110209 ZDI-11-080: Adobe Shockwave CSWV Chunk Substructure Offset Value Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516324/100/0/threaded"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-01.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
},
{
"name": "46324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46324"
},
{
"name": "1025056",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025056"
}
]
}
}

140
2010/4xxx/CVE-2010-4277.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4277",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in lembedded-video.php in the Embedded Video plugin 4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the content parameter to wp-admin/post.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101217 Embedded Video WordPress Plugin Cross Site Vulnerability (XSS) - CVE-2010-4277",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/515345/100/0/threaded"
},
{
"name" : "45486",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45486"
},
{
"name" : "embeddedvideoplugin-lembedded-xss(64214)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64214"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in lembedded-video.php in the Embedded Video plugin 4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the content parameter to wp-admin/post.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45486"
},
{
"name": "20101217 Embedded Video WordPress Plugin Cross Site Vulnerability (XSS) - CVE-2010-4277",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515345/100/0/threaded"
},
{
"name": "embeddedvideoplugin-lembedded-xss(64214)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64214"
}
]
}
}

160
2010/4xxx/CVE-2010-4358.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4358",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in gb.cgi in MRCGIGUY (MCG) Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) website, and (4) message parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101124 [eVuln.com] Multiple XSS in MCG GuestBook",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514884/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/144/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/144/summary.html"
},
{
"name" : "http://packetstormsecurity.org/files/view/96101/mcgguestbook-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/view/96101/mcgguestbook-xss.txt"
},
{
"name" : "45043",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45043"
},
{
"name" : "42315",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42315"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in gb.cgi in MRCGIGUY (MCG) Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) website, and (4) message parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20101124 [eVuln.com] Multiple XSS in MCG GuestBook",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514884/100/0/threaded"
},
{
"name": "45043",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45043"
},
{
"name": "42315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42315"
},
{
"name": "http://packetstormsecurity.org/files/view/96101/mcgguestbook-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96101/mcgguestbook-xss.txt"
},
{
"name": "http://evuln.com/vulns/144/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/144/summary.html"
}
]
}
}

120
2014/0xxx/CVE-2014-0465.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0465",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via unknown vectors related to Admin Console."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-0465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via unknown vectors related to Admin Console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
}
]
}
}

140
2014/0xxx/CVE-2014-0751.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0751",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212, aka ZDI-CAN-1623."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01",
"refsource" : "MISC",
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01"
},
{
"name" : "http://support.ge-ip.com/support/index?page=kbchannel&id=KB15940",
"refsource" : "CONFIRM",
"url" : "http://support.ge-ip.com/support/index?page=kbchannel&id=KB15940"
},
{
"name" : "65117",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65117"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212, aka ZDI-CAN-1623."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01"
},
{
"name": "http://support.ge-ip.com/support/index?page=kbchannel&id=KB15940",
"refsource": "CONFIRM",
"url": "http://support.ge-ip.com/support/index?page=kbchannel&id=KB15940"
},
{
"name": "65117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65117"
}
]
}
}

140
2014/0xxx/CVE-2014-0816.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0816",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-0816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://jvn.jp/en/jp/JVN02017463/995510/index.html",
"refsource" : "CONFIRM",
"url" : "http://jvn.jp/en/jp/JVN02017463/995510/index.html"
},
{
"name" : "JVN#02017463",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN02017463/index.html"
},
{
"name" : "JVNDB-2014-000026",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000026"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000026",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000026"
},
{
"name": "http://jvn.jp/en/jp/JVN02017463/995510/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN02017463/995510/index.html"
},
{
"name": "JVN#02017463",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN02017463/index.html"
}
]
}
}

270
2014/4xxx/CVE-2014-4021.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4021",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://xenbits.xen.org/xsa/advisory-100.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-100.html"
},
{
"name" : "http://support.citrix.com/article/CTX140984",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX140984"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-0926-1.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-0926-1.html"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-0926.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-0926.html"
},
{
"name" : "DSA-3006",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3006"
},
{
"name" : "FEDORA-2014-7722",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135071.html"
},
{
"name" : "FEDORA-2014-7734",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135068.html"
},
{
"name" : "GLSA-201407-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201407-03.xml"
},
{
"name" : "openSUSE-SU-2014:1279",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
},
{
"name" : "openSUSE-SU-2014:1281",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"
},
{
"name" : "68070",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68070"
},
{
"name" : "1030442",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030442"
},
{
"name" : "59208",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59208"
},
{
"name" : "60027",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60027"
},
{
"name" : "60130",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60130"
},
{
"name" : "60471",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60471"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2014-7722",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135071.html"
},
{
"name": "openSUSE-SU-2014:1281",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"
},
{
"name": "60471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60471"
},
{
"name": "60027",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60027"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-0926.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-0926.html"
},
{
"name": "openSUSE-SU-2014:1279",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-0926-1.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-0926-1.html"
},
{
"name": "http://support.citrix.com/article/CTX140984",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX140984"
},
{
"name": "1030442",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030442"
},
{
"name": "GLSA-201407-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-100.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-100.html"
},
{
"name": "60130",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60130"
},
{
"name": "DSA-3006",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3006"
},
{
"name": "68070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68070"
},
{
"name": "59208",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59208"
},
{
"name": "FEDORA-2014-7734",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135068.html"
}
]
}
}

130
2014/4xxx/CVE-2014-4568.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4568",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in posts/videowhisper/r_logout.php in the Video Posts Webcam Recorder plugin 1.55.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://codevigilant.com/disclosure/wp-plugin-video-posts-webcam-recorder-a3-cross-site-scripting-xss",
"refsource" : "MISC",
"url" : "http://codevigilant.com/disclosure/wp-plugin-video-posts-webcam-recorder-a3-cross-site-scripting-xss"
},
{
"name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=839990%40video-posts-webcam-recorder&old=686450%40video-posts-webcam-recorder&sfp_email=&sfph_mail=",
"refsource" : "MISC",
"url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=839990%40video-posts-webcam-recorder&old=686450%40video-posts-webcam-recorder&sfp_email=&sfph_mail="
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in posts/videowhisper/r_logout.php in the Video Posts Webcam Recorder plugin 1.55.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://codevigilant.com/disclosure/wp-plugin-video-posts-webcam-recorder-a3-cross-site-scripting-xss",
"refsource": "MISC",
"url": "http://codevigilant.com/disclosure/wp-plugin-video-posts-webcam-recorder-a3-cross-site-scripting-xss"
},
{
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=839990%40video-posts-webcam-recorder&old=686450%40video-posts-webcam-recorder&sfp_email=&sfph_mail=",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=839990%40video-posts-webcam-recorder&old=686450%40video-posts-webcam-recorder&sfp_email=&sfph_mail="
}
]
}
}

140
2014/4xxx/CVE-2014-4635.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4635",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-4635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150105 ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html"
},
{
"name" : "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html"
},
{
"name" : "1031497",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html"
},
{
"name": "20150105 ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html"
},
{
"name": "1031497",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031497"
}
]
}
}

290
2014/4xxx/CVE-2014-4656.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4656",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140626 Re: CVE Request: Linux kernel ALSA core control API vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/06/26/6"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=883a1d49f0d77d30012f114b2e19fc141beb3e8e",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=883a1d49f0d77d30012f114b2e19fc141beb3e8e"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ac902c112d90a89e59916f751c2745f4dbdbb4bd",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ac902c112d90a89e59916f751c2745f4dbdbb4bd"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1113470",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1113470"
},
{
"name" : "https://github.com/torvalds/linux/commit/883a1d49f0d77d30012f114b2e19fc141beb3e8e",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/883a1d49f0d77d30012f114b2e19fc141beb3e8e"
},
{
"name" : "https://github.com/torvalds/linux/commit/ac902c112d90a89e59916f751c2745f4dbdbb4bd",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/ac902c112d90a89e59916f751c2745f4dbdbb4bd"
},
{
"name" : "https://source.android.com/security/bulletin/2017-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name" : "RHSA-2014:1083",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1083.html"
},
{
"name" : "RHSA-2015:0087",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0087.html"
},
{
"name" : "SUSE-SU-2015:0812",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
},
{
"name" : "USN-2334-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2334-1"
},
{
"name" : "USN-2335-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2335-1"
},
{
"name" : "1038201",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038201"
},
{
"name" : "59434",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59434"
},
{
"name" : "59777",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59777"
},
{
"name" : "60564",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60564"
},
{
"name" : "60545",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60545"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60545"
},
{
"name": "https://source.android.com/security/bulletin/2017-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name": "https://github.com/torvalds/linux/commit/ac902c112d90a89e59916f751c2745f4dbdbb4bd",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/ac902c112d90a89e59916f751c2745f4dbdbb4bd"
},
{
"name": "USN-2335-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2335-1"
},
{
"name": "RHSA-2015:0087",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0087.html"
},
{
"name": "USN-2334-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2334-1"
},
{
"name": "60564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60564"
},
{
"name": "RHSA-2014:1083",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1083.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1113470",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113470"
},
{
"name": "59777",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59777"
},
{
"name": "59434",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59434"
},
{
"name": "https://github.com/torvalds/linux/commit/883a1d49f0d77d30012f114b2e19fc141beb3e8e",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/883a1d49f0d77d30012f114b2e19fc141beb3e8e"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ac902c112d90a89e59916f751c2745f4dbdbb4bd",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ac902c112d90a89e59916f751c2745f4dbdbb4bd"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=883a1d49f0d77d30012f114b2e19fc141beb3e8e",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=883a1d49f0d77d30012f114b2e19fc141beb3e8e"
},
{
"name": "[oss-security] 20140626 Re: CVE Request: Linux kernel ALSA core control API vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/26/6"
},
{
"name": "1038201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038201"
},
{
"name": "SUSE-SU-2015:0812",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
}
]
}
}

150
2014/4xxx/CVE-2014-4811.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4811",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8 allow remote attackers to reset the administrator superuser password to its default value via a direct request to the administrative IP address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1004846",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1004846"
},
{
"name" : "69771",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69771"
},
{
"name" : "61075",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61075"
},
{
"name" : "ibm-storwize-cve20144811-superuser(95387)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95387"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8 allow remote attackers to reset the administrator superuser password to its default value via a direct request to the administrative IP address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004846",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004846"
},
{
"name": "69771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69771"
},
{
"name": "61075",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61075"
},
{
"name": "ibm-storwize-cve20144811-superuser(95387)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95387"
}
]
}
}

130
2014/8xxx/CVE-2014-8364.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8364",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ss_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/127770/WordPress-WPSS-0.62-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127770/WordPress-WPSS-0.62-Cross-Site-Scripting.html"
},
{
"name" : "69073",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69073"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ss_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127770/WordPress-WPSS-0.62-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127770/WordPress-WPSS-0.62-Cross-Site-Scripting.html"
},
{
"name": "69073",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69073"
}
]
}
}

34
2014/8xxx/CVE-2014-8516.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8516",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8516",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/8xxx/CVE-2014-8847.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8847",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8847",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

130
2014/8xxx/CVE-2014-8911.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8911",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-8911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693329",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693329"
},
{
"name" : "ibm-cmis-cve20148911-xss(99252)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99252"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693329",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693329"
},
{
"name": "ibm-cmis-cve20148911-xss(99252)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99252"
}
]
}
}

190
2014/9xxx/CVE-2014-9090.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9090",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141126 Re: CVE Request: Linux kernel LDT handling bugs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/11/26/5"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f442be2fb22be02cafa606f1769fa1e6f894441",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f442be2fb22be02cafa606f1769fa1e6f894441"
},
{
"name" : "https://github.com/torvalds/linux/commit/6f442be2fb22be02cafa606f1769fa1e6f894441",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/6f442be2fb22be02cafa606f1769fa1e6f894441"
},
{
"name" : "DSA-3093",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3093"
},
{
"name" : "openSUSE-SU-2015:0566",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name" : "SUSE-SU-2015:0812",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
},
{
"name" : "SUSE-SU-2015:0736",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
},
{
"name" : "62336",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62336"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2015:0736",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
},
{
"name": "DSA-3093",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3093"
},
{
"name": "[oss-security] 20141126 Re: CVE Request: Linux kernel LDT handling bugs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/26/5"
},
{
"name": "openSUSE-SU-2015:0566",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name": "https://github.com/torvalds/linux/commit/6f442be2fb22be02cafa606f1769fa1e6f894441",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/6f442be2fb22be02cafa606f1769fa1e6f894441"
},
{
"name": "62336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62336"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f442be2fb22be02cafa606f1769fa1e6f894441",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f442be2fb22be02cafa606f1769fa1e6f894441"
},
{
"name": "SUSE-SU-2015:0812",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
}
]
}
}

34
2014/9xxx/CVE-2014-9232.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9232",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-9232",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

130
2014/9xxx/CVE-2014-9363.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9363",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.drupal.org/node/2296511",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2296511"
},
{
"name" : "https://www.drupal.org/node/2295975",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2295975"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2296511",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2296511"
},
{
"name": "https://www.drupal.org/node/2295975",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2295975"
}
]
}
}

140
2014/9xxx/CVE-2014-9885.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9885",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm internal bug CR562261."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a1d5a4cbd5aa8656bc23b40c7cc43941e10f89c3",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a1d5a4cbd5aa8656bc23b40c7cc43941e10f89c3"
},
{
"name" : "92219",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92219"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm internal bug CR562261."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "92219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92219"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a1d5a4cbd5aa8656bc23b40c7cc43941e10f89c3",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a1d5a4cbd5aa8656bc23b40c7cc43941e10f89c3"
}
]
}
}

140
2014/9xxx/CVE-2014-9961.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2014-9961",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Data Processing Error in Boot"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2014-9961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-06-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name" : "98874",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98874"
},
{
"name" : "1038623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Processing Error in Boot"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "98874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98874"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}

200
2016/2xxx/CVE-2016-2126.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-2126",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.samba.org/samba/security/CVE-2016-2126.html",
"refsource" : "CONFIRM",
"url" : "https://www.samba.org/samba/security/CVE-2016-2126.html"
},
{
"name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730",
"refsource" : "CONFIRM",
"url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730"
},
{
"name" : "RHSA-2017:0494",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0494.html"
},
{
"name" : "RHSA-2017:0495",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0495.html"
},
{
"name" : "RHSA-2017:0662",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0662.html"
},
{
"name" : "RHSA-2017:0744",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0744.html"
},
{
"name" : "RHSA-2017:1265",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1265"
},
{
"name" : "94994",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94994"
},
{
"name" : "1037495",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037495"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.samba.org/samba/security/CVE-2016-2126.html",
"refsource": "CONFIRM",
"url": "https://www.samba.org/samba/security/CVE-2016-2126.html"
},
{
"name": "1037495",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037495"
},
{
"name": "RHSA-2017:0495",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0495.html"
},
{
"name": "RHSA-2017:0494",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0494.html"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730"
},
{
"name": "RHSA-2017:1265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1265"
},
{
"name": "94994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94994"
},
{
"name": "RHSA-2017:0744",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0744.html"
},
{
"name": "RHSA-2017:0662",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0662.html"
}
]
}
}

168
2016/3xxx/CVE-2016-3051.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-3051",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Access Manager",
"version" : {
"version_data" : [
{
"version_value" : "9.0.0.1"
},
{
"version_value" : "9.0.0"
},
{
"version_value" : "9.0.1.0"
},
{
"version_value" : "9.0.2.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Bypass Security"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/114714",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/114714"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21995724",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21995724"
},
{
"name" : "98912",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98912"
},
{
"name" : "1038615",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038615"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/114714",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/114714"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21995724",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995724"
},
{
"name": "1038615",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038615"
},
{
"name": "98912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98912"
}
]
}
}

250
2016/3xxx/CVE-2016-3068.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3068",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://selenic.com/repo/hg-stable/rev/34d43cb85de8",
"refsource" : "CONFIRM",
"url" : "https://selenic.com/repo/hg-stable/rev/34d43cb85de8"
},
{
"name" : "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29",
"refsource" : "CONFIRM",
"url" : "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name" : "DSA-3542",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3542"
},
{
"name" : "FEDORA-2016-79604dde9f",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html"
},
{
"name" : "FEDORA-2016-b7f1f8e3bf",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html"
},
{
"name" : "GLSA-201612-19",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-19"
},
{
"name" : "RHSA-2016:0706",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0706.html"
},
{
"name" : "SUSE-SU-2016:1010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html"
},
{
"name" : "SUSE-SU-2016:1011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html"
},
{
"name" : "openSUSE-SU-2016:1016",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html"
},
{
"name" : "openSUSE-SU-2016:1073",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html"
},
{
"name" : "85733",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/85733"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-79604dde9f",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html"
},
{
"name": "GLSA-201612-19",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-19"
},
{
"name": "DSA-3542",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3542"
},
{
"name": "https://selenic.com/repo/hg-stable/rev/34d43cb85de8",
"refsource": "CONFIRM",
"url": "https://selenic.com/repo/hg-stable/rev/34d43cb85de8"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "openSUSE-SU-2016:1016",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html"
},
{
"name": "RHSA-2016:0706",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0706.html"
},
{
"name": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29",
"refsource": "CONFIRM",
"url": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "SUSE-SU-2016:1011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html"
},
{
"name": "SUSE-SU-2016:1010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html"
},
{
"name": "85733",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85733"
},
{
"name": "FEDORA-2016-b7f1f8e3bf",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html"
},
{
"name": "openSUSE-SU-2016:1073",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html"
}
]
}
}

140
2016/3xxx/CVE-2016-3346.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3346",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows local users to obtain Administrator access via a crafted DLL, aka \"Windows Permissions Enforcement Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-110",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-110"
},
{
"name" : "92846",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92846"
},
{
"name" : "1036798",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036798"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows local users to obtain Administrator access via a crafted DLL, aka \"Windows Permissions Enforcement Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-110",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-110"
},
{
"name": "1036798",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036798"
},
{
"name": "92846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92846"
}
]
}
}

150
2016/3xxx/CVE-2016-3609.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3609",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "91890",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91890"
},
{
"name" : "1036363",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036363"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91890"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "1036363",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036363"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
}
]
}
}

210
2016/3xxx/CVE-2016-3739.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3739",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://curl.haxx.se/CVE-2016-3739.patch",
"refsource" : "CONFIRM",
"url" : "https://curl.haxx.se/CVE-2016-3739.patch"
},
{
"name" : "https://curl.haxx.se/changes.html#7_49_0",
"refsource" : "CONFIRM",
"url" : "https://curl.haxx.se/changes.html#7_49_0"
},
{
"name" : "https://curl.haxx.se/docs/adv_20160518.html",
"refsource" : "CONFIRM",
"url" : "https://curl.haxx.se/docs/adv_20160518.html"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "GLSA-201701-47",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-47"
},
{
"name" : "SSA:2016-141-01",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.495349"
},
{
"name" : "90726",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/90726"
},
{
"name" : "1035907",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035907"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"name": "1035907",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035907"
},
{
"name": "https://curl.haxx.se/docs/adv_20160518.html",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/docs/adv_20160518.html"
},
{
"name": "SSA:2016-141-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.495349"
},
{
"name": "90726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90726"
},
{
"name": "https://curl.haxx.se/CVE-2016-3739.patch",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/CVE-2016-3739.patch"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "GLSA-201701-47",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-47"
},
{
"name": "https://curl.haxx.se/changes.html#7_49_0",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/changes.html#7_49_0"
}
]
}
}

150
2016/6xxx/CVE-2016-6372.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2016-6372",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco AsyncOS through WSA10.0.0-000",
"version" : {
"version_data" : [
{
"version_value" : "Cisco AsyncOS through WSA10.0.0-000"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA on both virtual and hardware appliances that are configured with message or content filters to scan incoming email attachments. More Information: CSCuy54740, CSCuy75174. Known Affected Releases: 9.7.1-066 9.5.0-575 WSA10.0.0-000. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco AsyncOS through WSA10.0.0-000",
"version": {
"version_data": [
{
"version_value": "Cisco AsyncOS through WSA10.0.0-000"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa2",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa2"
},
{
"name" : "93911",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93911"
},
{
"name" : "1037118",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037118"
},
{
"name" : "1037119",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037119"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA on both virtual and hardware appliances that are configured with message or content filters to scan incoming email attachments. More Information: CSCuy54740, CSCuy75174. Known Affected Releases: 9.7.1-066 9.5.0-575 WSA10.0.0-000. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa2",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa2"
},
{
"name": "93911",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93911"
},
{
"name": "1037118",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037118"
},
{
"name": "1037119",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037119"
}
]
}
}

160
2016/6xxx/CVE-2016-6496.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6496",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2016-6496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20161031 October 2016 - Crowd - Critical Security Advisory",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/539655/100/0/threaded"
},
{
"name" : "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf",
"refsource" : "MISC",
"url" : "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf"
},
{
"name" : "https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html",
"refsource" : "CONFIRM",
"url" : "https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html"
},
{
"name" : "https://jira.atlassian.com/browse/CWD-4790",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/CWD-4790"
},
{
"name" : "93826",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93826"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/CWD-4790",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/CWD-4790"
},
{
"name": "20161031 October 2016 - Crowd - Critical Security Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539655/100/0/threaded"
},
{
"name": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf",
"refsource": "MISC",
"url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf"
},
{
"name": "https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html",
"refsource": "CONFIRM",
"url": "https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html"
},
{
"name": "93826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93826"
}
]
}
}

226
2016/6xxx/CVE-2016-6797.json
View File

@ -1,115 +1,115 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2016-10-27T00:00:00",
"ID" : "CVE-2016-6797",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Tomcat",
"version" : {
"version_data" : [
{
"version_value" : "9.0.0.M1 to 9.0.0.M9"
},
{
"version_value" : "8.5.0 to 8.5.4"
},
{
"version_value" : "8.0.0.RC1 to 8.0.36"
},
{
"version_value" : "7.0.0 to 7.0.70"
},
{
"version_value" : "6.0.0 to 6.0.45"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2016-10-27T00:00:00",
"ID": "CVE-2016-6797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_value": "9.0.0.M1 to 9.0.0.M9"
},
{
"version_value": "8.5.0 to 8.5.4"
},
{
"version_value": "8.0.0.RC1 to 8.0.36"
},
{
"version_value": "7.0.0 to 7.0.70"
},
{
"version_value": "6.0.0 to 6.0.45"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[announce] 20161027 [SECURITY] CVE-2016-6797 Apache Tomcat Unrestricted Access to Global Resources",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/9325837eb00cba5752c092047433c7f0415134d16e7f391447ff4352@%3Cannounce.tomcat.apache.org%3E"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180605-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180605-0001/"
},
{
"name" : "DSA-3720",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3720"
},
{
"name" : "RHSA-2017:0455",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"name" : "RHSA-2017:0456",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"name" : "RHSA-2017:0457",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
},
{
"name" : "RHSA-2017:2247",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2247"
},
{
"name" : "93940",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93940"
},
{
"name" : "1037145",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037145"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93940"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180605-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180605-0001/"
},
{
"name": "[announce] 20161027 [SECURITY] CVE-2016-6797 Apache Tomcat Unrestricted Access to Global Resources",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/9325837eb00cba5752c092047433c7f0415134d16e7f391447ff4352@%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "1037145",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037145"
},
{
"name": "RHSA-2017:2247",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2247"
},
{
"name": "RHSA-2017:0457",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
},
{
"name": "RHSA-2017:0455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"name": "DSA-3720",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3720"
},
{
"name": "RHSA-2017:0456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
]
}
}

150
2016/6xxx/CVE-2016-6801.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6801",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160914 CVE-2016-6801: CSRF in Jackrabbit-Webdav using empty content-type",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/14/6"
},
{
"name" : "https://issues.apache.org/jira/browse/JCR-4009",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/jira/browse/JCR-4009"
},
{
"name" : "DSA-3679",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3679"
},
{
"name" : "92966",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92966"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160914 CVE-2016-6801: CSRF in Jackrabbit-Webdav using empty content-type",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/14/6"
},
{
"name": "DSA-3679",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3679"
},
{
"name": "https://issues.apache.org/jira/browse/JCR-4009",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/JCR-4009"
},
{
"name": "92966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92966"
}
]
}
}

34
2016/7xxx/CVE-2016-7333.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7333",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7333",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

140
2016/8xxx/CVE-2016-8400.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-8400",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in the NVIDIA librm library (libnvrm) could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: Kernel-3.18. Android ID: A-31251599. References: N-CVE-2016-8400."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-8400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-12-01.html"
},
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"name" : "94713",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94713"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in the NVIDIA librm library (libnvrm) could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: Kernel-3.18. Android ID: A-31251599. References: N-CVE-2016-8400."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-12-01.html"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"name": "94713",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94713"
}
]
}
}