admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:50:59 +00:00
parent dc830214b8
commit fee733b2fc
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 4244 additions and 4244 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

218
2006/0xxx/CVE-2006-0436.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0436",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-025.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-025.htm"
},
{
"name" : "HPSBUX02091",
"refsource" : "HP",
"url" : "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00591401"
},
{
"name" : "SSRT061099",
"refsource" : "HP",
"url" : "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00591401"
},
{
"name" : "ADV-2006-0322",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0322"
},
{
"name" : "oval:org.mitre.oval:def:1453",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1453"
},
{
"name" : "oval:org.mitre.oval:def:1577",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1577"
},
{
"name" : "oval:org.mitre.oval:def:1586",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1586"
},
{
"name" : "1015530",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015530"
},
{
"name" : "18600",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18600"
},
{
"name" : "18596",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18596"
},
{
"name" : "hpux-unspecified-privilege-escalation(24318)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24318"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT061099",
"refsource": "HP",
"url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00591401"
},
{
"name": "18600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18600"
},
{
"name": "oval:org.mitre.oval:def:1577",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1577"
},
{
"name": "ADV-2006-0322",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0322"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-025.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-025.htm"
},
{
"name": "hpux-unspecified-privilege-escalation(24318)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24318"
},
{
"name": "18596",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18596"
},
{
"name": "1015530",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015530"
},
{
"name": "HPSBUX02091",
"refsource": "HP",
"url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00591401"
},
{
"name": "oval:org.mitre.oval:def:1453",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1453"
},
{
"name": "oval:org.mitre.oval:def:1586",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1586"
}
]
}
}

168
2006/1xxx/CVE-2006-1282.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1282",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060314 [KAPDA::#34] - MyBB1.0.4~redirectfunction()~HeaderInjection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427747/100/0/threaded"
},
{
"name" : "http://kapda.ir/advisory-295.html",
"refsource" : "MISC",
"url" : "http://kapda.ir/advisory-295.html"
},
{
"name" : "http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html",
"refsource" : "MISC",
"url" : "http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html"
},
{
"name" : "http://community.mybboard.net/showthread.php?tid=7368",
"refsource" : "CONFIRM",
"url" : "http://community.mybboard.net/showthread.php?tid=7368"
},
{
"name" : "17097",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17097"
},
{
"name" : "mybb-crlf-header-injection(25267)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25267"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060314 [KAPDA::#34] - MyBB1.0.4~redirectfunction()~HeaderInjection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427747/100/0/threaded"
},
{
"name": "17097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17097"
},
{
"name": "mybb-crlf-header-injection(25267)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25267"
},
{
"name": "http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html"
},
{
"name": "http://community.mybboard.net/showthread.php?tid=7368",
"refsource": "CONFIRM",
"url": "http://community.mybboard.net/showthread.php?tid=7368"
},
{
"name": "http://kapda.ir/advisory-295.html",
"refsource": "MISC",
"url": "http://kapda.ir/advisory-295.html"
}
]
}
}

178
2006/1xxx/CVE-2006-1322.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1322",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973435.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973435.htm"
},
{
"name" : "17137",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17137"
},
{
"name" : "ADV-2006-0975",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0975"
},
{
"name" : "23949",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23949"
},
{
"name" : "1015781",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015781"
},
{
"name" : "19265",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19265"
},
{
"name" : "netware-nwftpd-mdtm-dos(25289)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25289"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0975",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0975"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973435.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973435.htm"
},
{
"name": "23949",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23949"
},
{
"name": "1015781",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015781"
},
{
"name": "17137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17137"
},
{
"name": "netware-nwftpd-mdtm-dos(25289)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25289"
},
{
"name": "19265",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19265"
}
]
}
}

188
2006/1xxx/CVE-2006-1962.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1962",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060419 PCPIN Chat <= 5.0.4 \"login/language\" remote cmmnds xctn",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431390/100/0/threaded"
},
{
"name" : "http://retrogod.altervista.org/pcpin_504_xpl.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/pcpin_504_xpl.html"
},
{
"name" : "20060604 Re: PCPIN Chat <= 5.0.4 \"login/language\" remote cmmnds xctn",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/436029/100/0/threaded"
},
{
"name" : "17632",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17632"
},
{
"name" : "ADV-2006-1441",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1441"
},
{
"name" : "1015968",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015968"
},
{
"name" : "19708",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19708"
},
{
"name" : "pcpin-chat-main-sql-injection(25961)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25961"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pcpin-chat-main-sql-injection(25961)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25961"
},
{
"name": "20060604 Re: PCPIN Chat <= 5.0.4 \"login/language\" remote cmmnds xctn",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436029/100/0/threaded"
},
{
"name": "ADV-2006-1441",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1441"
},
{
"name": "1015968",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015968"
},
{
"name": "20060419 PCPIN Chat <= 5.0.4 \"login/language\" remote cmmnds xctn",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431390/100/0/threaded"
},
{
"name": "17632",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17632"
},
{
"name": "http://retrogod.altervista.org/pcpin_504_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/pcpin_504_xpl.html"
},
{
"name": "19708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19708"
}
]
}
}

168
2006/5xxx/CVE-2006-5053.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5053",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2419",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2419"
},
{
"name" : "20166",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20166"
},
{
"name" : "ADV-2006-3763",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3763"
},
{
"name" : "29106",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29106"
},
{
"name" : "22075",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22075"
},
{
"name" : "web-news-template-file-include(29119)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29119"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29106",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29106"
},
{
"name": "2419",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2419"
},
{
"name": "22075",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22075"
},
{
"name": "ADV-2006-3763",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3763"
},
{
"name": "web-news-template-file-include(29119)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29119"
},
{
"name": "20166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20166"
}
]
}
}

138
2006/5xxx/CVE-2006-5322.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5322",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.phplist.com/news",
"refsource" : "MISC",
"url" : "http://www.phplist.com/news"
},
{
"name" : "http://tincan.co.uk/?lid=1821",
"refsource" : "CONFIRM",
"url" : "http://tincan.co.uk/?lid=1821"
},
{
"name" : "phplist-unspecified-sql-injection(29637)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29637"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.phplist.com/news",
"refsource": "MISC",
"url": "http://www.phplist.com/news"
},
{
"name": "phplist-unspecified-sql-injection(29637)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29637"
},
{
"name": "http://tincan.co.uk/?lid=1821",
"refsource": "CONFIRM",
"url": "http://tincan.co.uk/?lid=1821"
}
]
}
}

168
2006/5xxx/CVE-2006-5486.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5486",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "102497",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102497-1"
},
{
"name" : "20708",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20708"
},
{
"name" : "ADV-2006-4183",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4183"
},
{
"name" : "1017113",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017113"
},
{
"name" : "22575",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22575"
},
{
"name" : "java-webmail-xss(29806)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29806"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20708"
},
{
"name": "1017113",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017113"
},
{
"name": "102497",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102497-1"
},
{
"name": "22575",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22575"
},
{
"name": "ADV-2006-4183",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4183"
},
{
"name": "java-webmail-xss(29806)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29806"
}
]
}
}

128
2006/5xxx/CVE-2006-5538.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5538",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061023 D-Link DSL-G624T several vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449486/100/0/threaded"
},
{
"name" : "http://www.eazel.es/advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html",
"refsource" : "MISC",
"url" : "http://www.eazel.es/advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.eazel.es/advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html",
"refsource": "MISC",
"url": "http://www.eazel.es/advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html"
},
{
"name": "20061023 D-Link DSL-G624T several vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449486/100/0/threaded"
}
]
}
}

158
2007/2xxx/CVE-2007-2415.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2415",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service (application exit) via a long URI. NOTE: this issue was originally reported as a crash, but the vendor states that the impact is a \"clean\" exit in which \"the server I/O loop finishes and the process exits normally.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/forum/forum.php?thread_id=1725156&forum_id=131392",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/forum/forum.php?thread_id=1725156&forum_id=131392"
},
{
"name" : "23713",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23713"
},
{
"name" : "ADV-2007-1579",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1579"
},
{
"name" : "25009",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25009"
},
{
"name" : "pi3web-http-dos(33967)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33967"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service (application exit) via a long URI. NOTE: this issue was originally reported as a crash, but the vendor states that the impact is a \"clean\" exit in which \"the server I/O loop finishes and the process exits normally.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23713",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23713"
},
{
"name": "pi3web-http-dos(33967)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33967"
},
{
"name": "ADV-2007-1579",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1579"
},
{
"name": "http://sourceforge.net/forum/forum.php?thread_id=1725156&forum_id=131392",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?thread_id=1725156&forum_id=131392"
},
{
"name": "25009",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25009"
}
]
}
}

288
2007/2xxx/CVE-2007-2650.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2650",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[clamav-devel] 20070418 Bug in OLE2 file parser",
"refsource" : "MLIST",
"url" : "http://lurker.clamav.net/message/20070418.111144.0df6c5d3.en.html"
},
{
"name" : "http://article.gmane.org/gmane.comp.security.virus.clamav.devel/2853",
"refsource" : "MISC",
"url" : "http://article.gmane.org/gmane.comp.security.virus.clamav.devel/2853"
},
{
"name" : "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name" : "http://kolab.org/security/kolab-vendor-notice-15.txt",
"refsource" : "CONFIRM",
"url" : "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name" : "DSA-1320",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1320"
},
{
"name" : "GLSA-200706-05",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200706-05.xml"
},
{
"name" : "MDKSA-2007:115",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:115"
},
{
"name" : "SUSE-SA:2007:033",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name" : "2007-0020",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2007/0020/"
},
{
"name" : "24316",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24316"
},
{
"name" : "ADV-2007-1776",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1776"
},
{
"name" : "25244",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25244"
},
{
"name" : "25553",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25553"
},
{
"name" : "25523",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25523"
},
{
"name" : "25525",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25525"
},
{
"name" : "25558",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25558"
},
{
"name" : "25688",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25688"
},
{
"name" : "25796",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25796"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25796"
},
{
"name": "[clamav-devel] 20070418 Bug in OLE2 file parser",
"refsource": "MLIST",
"url": "http://lurker.clamav.net/message/20070418.111144.0df6c5d3.en.html"
},
{
"name": "SUSE-SA:2007:033",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25525"
},
{
"name": "25553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25553"
},
{
"name": "ADV-2007-1776",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1776"
},
{
"name": "25523",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"name": "2007-0020",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0020/"
},
{
"name": "24316",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24316"
},
{
"name": "MDKSA-2007:115",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:115"
},
{
"name": "25244",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25244"
},
{
"name": "25558",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25558"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-15.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "http://article.gmane.org/gmane.comp.security.virus.clamav.devel/2853",
"refsource": "MISC",
"url": "http://article.gmane.org/gmane.comp.security.virus.clamav.devel/2853"
},
{
"name": "25688",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25688"
},
{
"name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
]
}
}

408
2010/0xxx/CVE-2010-0007.json
View File

@ -1,207 +1,207 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0007",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name" : "[oss-security] 20100113 CVE Request: kernel ebtables perm check",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/01/14/1"
},
{
"name" : "[oss-security] 20100114 Re: CVE Request: kernel ebtables perm check",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/01/14/3"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dce766af541f6605fa9889892c0280bab31c66ab",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dce766af541f6605fa9889892c0280bab31c66ab"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc4",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc4"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=555238",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=555238"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name" : "DSA-1996",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-1996"
},
{
"name" : "DSA-2005",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2005"
},
{
"name" : "FEDORA-2010-0919",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034250.html"
},
{
"name" : "MDVSA-2011:051",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051"
},
{
"name" : "RHSA-2010:0146",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0146.html"
},
{
"name" : "RHSA-2010:0161",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0161.html"
},
{
"name" : "RHSA-2010:0147",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0147.html"
},
{
"name" : "SUSE-SA:2010:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"name" : "SUSE-SA:2010:013",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html"
},
{
"name" : "SUSE-SA:2010:010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
},
{
"name" : "SUSE-SA:2010:007",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html"
},
{
"name" : "SUSE-SA:2010:014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
},
{
"name" : "37762",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37762"
},
{
"name" : "oval:org.mitre.oval:def:9630",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9630"
},
{
"name" : "38133",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38133"
},
{
"name" : "38333",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38333"
},
{
"name" : "38492",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38492"
},
{
"name" : "38296",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38296"
},
{
"name" : "38779",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38779"
},
{
"name" : "39033",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39033"
},
{
"name" : "43315",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43315"
},
{
"name" : "ADV-2010-0109",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0109"
},
{
"name" : "kernel-ebtables-security-bypass(55602)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55602"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0146",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0146.html"
},
{
"name": "RHSA-2010:0147",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0147.html"
},
{
"name": "SUSE-SA:2010:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html"
},
{
"name": "[oss-security] 20100114 Re: CVE Request: kernel ebtables perm check",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/14/3"
},
{
"name": "38779",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38779"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dce766af541f6605fa9889892c0280bab31c66ab",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dce766af541f6605fa9889892c0280bab31c66ab"
},
{
"name": "38296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38296"
},
{
"name": "SUSE-SA:2010:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"name": "SUSE-SA:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
},
{
"name": "37762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37762"
},
{
"name": "MDVSA-2011:051",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051"
},
{
"name": "FEDORA-2010-0919",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034250.html"
},
{
"name": "DSA-1996",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1996"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc4"
},
{
"name": "38133",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38133"
},
{
"name": "43315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43315"
},
{
"name": "[oss-security] 20100113 CVE Request: kernel ebtables perm check",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/14/1"
},
{
"name": "ADV-2010-0109",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0109"
},
{
"name": "39033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39033"
},
{
"name": "SUSE-SA:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html"
},
{
"name": "38333",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38333"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "oval:org.mitre.oval:def:9630",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9630"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=555238",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=555238"
},
{
"name": "DSA-2005",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2005"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "SUSE-SA:2010:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
},
{
"name": "kernel-ebtables-security-bypass(55602)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55602"
},
{
"name": "38492",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38492"
},
{
"name": "RHSA-2010:0161",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0161.html"
}
]
}
}

158
2010/0xxx/CVE-2010-0258.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0258",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka \"Microsoft Office Excel Sheet Object Type Confusion Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100309 Microsoft Excel Sheet Object Type Confusion Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=859"
},
{
"name" : "MS10-017",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name" : "TA10-068A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name" : "oval:org.mitre.oval:def:8545",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8545"
},
{
"name" : "1023698",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023698"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka \"Microsoft Office Excel Sheet Object Type Confusion Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100309 Microsoft Excel Sheet Object Type Confusion Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=859"
},
{
"name": "oval:org.mitre.oval:def:8545",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8545"
},
{
"name": "MS10-017",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "1023698",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023698"
}
]
}
}

158
2010/0xxx/CVE-2010-0596.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0596",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1.dev.1 and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain privileges, via a (1) HTTP or (2) HTTPS request, aka Bug ID CSCtb83607."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-147-01_Cisco_Network_Building_Mediator.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-147-01_Cisco_Network_Building_Mediator.pdf"
},
{
"name" : "20100526 Multiple Vulnerabilities in Cisco Network Building Mediator",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c518.shtml"
},
{
"name" : "VU#757804",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/757804"
},
{
"name" : "1024027",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024027"
},
{
"name" : "39904",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39904"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1.dev.1 and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain privileges, via a (1) HTTP or (2) HTTPS request, aka Bug ID CSCtb83607."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024027",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024027"
},
{
"name": "20100526 Multiple Vulnerabilities in Cisco Network Building Mediator",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c518.shtml"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-147-01_Cisco_Network_Building_Mediator.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-147-01_Cisco_Network_Building_Mediator.pdf"
},
{
"name": "VU#757804",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/757804"
},
{
"name": "39904",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39904"
}
]
}
}

118
2010/0xxx/CVE-2010-0905.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0905",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote attackers to affect integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-0905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote attackers to affect integrity via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}
}

138
2010/1xxx/CVE-2010-1075.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1075",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to execute arbitrary SQL commands via the subj parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1002-exploits/elcms-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1002-exploits/elcms-sql.txt"
},
{
"name" : "62513",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62513"
},
{
"name" : "38688",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38688"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to execute arbitrary SQL commands via the subj parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1002-exploits/elcms-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1002-exploits/elcms-sql.txt"
},
{
"name": "62513",
"refsource": "OSVDB",
"url": "http://osvdb.org/62513"
},
{
"name": "38688",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38688"
}
]
}
}

148
2010/1xxx/CVE-2010-1273.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1273",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.webtoolkit.eu/wt/doc/reference/html/Releasenotes.html",
"refsource" : "CONFIRM",
"url" : "http://www.webtoolkit.eu/wt/doc/reference/html/Releasenotes.html"
},
{
"name" : "38541",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38541"
},
{
"name" : "62717",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/62717"
},
{
"name" : "38759",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38759"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.webtoolkit.eu/wt/doc/reference/html/Releasenotes.html",
"refsource": "CONFIRM",
"url": "http://www.webtoolkit.eu/wt/doc/reference/html/Releasenotes.html"
},
{
"name": "62717",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62717"
},
{
"name": "38759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38759"
},
{
"name": "38541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38541"
}
]
}
}

148
2010/1xxx/CVE-2010-1708.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1708",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1004-exploits/freerealty-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1004-exploits/freerealty-sql.txt"
},
{
"name" : "12411",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12411"
},
{
"name" : "39712",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39712"
},
{
"name" : "freerealty-agentadmin-sql-injection(58193)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58193"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12411",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12411"
},
{
"name": "39712",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39712"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/freerealty-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/freerealty-sql.txt"
},
{
"name": "freerealty-agentadmin-sql-injection(58193)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58193"
}
]
}
}

308
2010/1xxx/CVE-2010-1812.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1812",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4334",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4334"
},
{
"name" : "http://support.apple.com/kb/HT4455",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4455"
},
{
"name" : "http://support.apple.com/kb/HT4456",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4456"
},
{
"name" : "APPLE-SA-2010-09-08-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name" : "APPLE-SA-2010-11-18-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name" : "APPLE-SA-2010-11-22-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"name" : "MDVSA-2011:039",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name" : "RHSA-2011:0177",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "USN-1006-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name" : "43079",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43079"
},
{
"name" : "41856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41856"
},
{
"name" : "42314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42314"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "43086",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43086"
},
{
"name" : "ADV-2010-2722",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name" : "ADV-2011-0216",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0216"
},
{
"name" : "ADV-2011-0552",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name" : "appleios-selections-code-exec(61699)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61699"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "ADV-2010-2722",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "APPLE-SA-2010-09-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT4334",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "USN-1006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "http://support.apple.com/kb/HT4455",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4455"
},
{
"name": "41856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "ADV-2011-0216",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0216"
},
{
"name": "43079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43079"
},
{
"name": "43086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43086"
},
{
"name": "appleios-selections-code-exec(61699)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61699"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "APPLE-SA-2010-11-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "RHSA-2011:0177",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}

168
2010/1xxx/CVE-2010-1959.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1959",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP TestDirector for Quality Center 9.2 before Patch8 allows remote attackers to modify data via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-1959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBGN02315",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01373684"
},
{
"name" : "SSRT071487",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01373684"
},
{
"name" : "40371",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40371"
},
{
"name" : "64917",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/64917"
},
{
"name" : "1024025",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024025"
},
{
"name" : "39943",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39943"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP TestDirector for Quality Center 9.2 before Patch8 allows remote attackers to modify data via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBGN02315",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01373684"
},
{
"name": "39943",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39943"
},
{
"name": "SSRT071487",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01373684"
},
{
"name": "1024025",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024025"
},
{
"name": "64917",
"refsource": "OSVDB",
"url": "http://osvdb.org/64917"
},
{
"name": "40371",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40371"
}
]
}
}

408
2010/3xxx/CVE-2010-3874.json
View File

@ -1,207 +1,207 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3874",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[netdev] 20101102 [SECURITY] CAN info leak/minor heap overflow",
"refsource" : "MLIST",
"url" : "http://www.spinics.net/lists/netdev/msg145791.html"
},
{
"name" : "[netdev] 20101110 can-bcm: fix minor heap overflow",
"refsource" : "MLIST",
"url" : "http://www.spinics.net/lists/netdev/msg146469.html"
},
{
"name" : "[oss-security] 20101103 CVE request: kernel: CAN information leak",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/11/03/3"
},
{
"name" : "[oss-security] 20101104 Re: CVE request: kernel: CAN information leak",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/11/04/4"
},
{
"name" : "[oss-security] 20101220 CVE request: kernel: CAN information leak, 2nd attempt",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/12/20/2"
},
{
"name" : "[oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/12/20/3"
},
{
"name" : "[oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/12/20/4"
},
{
"name" : "[oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/12/21/1"
},
{
"name" : "[oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/12/20/5"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0597d1b99fcfc2c0eada09a698f85ed413d4ba84",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0597d1b99fcfc2c0eada09a698f85ed413d4ba84"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=649695",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=649695"
},
{
"name" : "DSA-2126",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2126"
},
{
"name" : "FEDORA-2010-18983",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html"
},
{
"name" : "MDVSA-2011:029",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029"
},
{
"name" : "RHSA-2010:0958",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0958.html"
},
{
"name" : "RHSA-2011:0007",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
},
{
"name" : "SUSE-SA:2011:001",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"
},
{
"name" : "SUSE-SA:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html"
},
{
"name" : "SUSE-SA:2011:004",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html"
},
{
"name" : "SUSE-SA:2011:007",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"name" : "42745",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42745"
},
{
"name" : "42778",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42778"
},
{
"name" : "42801",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42801"
},
{
"name" : "42932",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42932"
},
{
"name" : "42890",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42890"
},
{
"name" : "ADV-2010-3321",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3321"
},
{
"name" : "ADV-2011-0012",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0012"
},
{
"name" : "ADV-2011-0124",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0124"
},
{
"name" : "ADV-2011-0298",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0298"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2011:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html"
},
{
"name": "42778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42778"
},
{
"name": "[oss-security] 20101220 CVE request: kernel: CAN information leak, 2nd attempt",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/20/2"
},
{
"name": "42801",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42801"
},
{
"name": "SUSE-SA:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html"
},
{
"name": "[oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/20/4"
},
{
"name": "[oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/20/3"
},
{
"name": "FEDORA-2010-18983",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html"
},
{
"name": "[oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/21/1"
},
{
"name": "SUSE-SA:2011:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"
},
{
"name": "42932",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42932"
},
{
"name": "[oss-security] 20101104 Re: CVE request: kernel: CAN information leak",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/11/04/4"
},
{
"name": "RHSA-2011:0007",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
},
{
"name": "ADV-2011-0124",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0124"
},
{
"name": "SUSE-SA:2011:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"name": "ADV-2010-3321",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3321"
},
{
"name": "[netdev] 20101102 [SECURITY] CAN info leak/minor heap overflow",
"refsource": "MLIST",
"url": "http://www.spinics.net/lists/netdev/msg145791.html"
},
{
"name": "ADV-2011-0298",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0298"
},
{
"name": "RHSA-2010:0958",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0958.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=649695",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=649695"
},
{
"name": "42890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42890"
},
{
"name": "ADV-2011-0012",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0012"
},
{
"name": "MDVSA-2011:029",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029"
},
{
"name": "42745",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42745"
},
{
"name": "[oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/20/5"
},
{
"name": "[oss-security] 20101103 CVE request: kernel: CAN information leak",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/11/03/3"
},
{
"name": "[netdev] 20101110 can-bcm: fix minor heap overflow",
"refsource": "MLIST",
"url": "http://www.spinics.net/lists/netdev/msg146469.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0597d1b99fcfc2c0eada09a698f85ed413d4ba84",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0597d1b99fcfc2c0eada09a698f85ed413d4ba84"
},
{
"name": "DSA-2126",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2126"
}
]
}
}

178
2010/4xxx/CVE-2010-4043.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4043",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opera.com/docs/changelogs/mac/1063/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/mac/1063/"
},
{
"name" : "http://www.opera.com/docs/changelogs/unix/1063/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/unix/1063/"
},
{
"name" : "http://www.opera.com/docs/changelogs/windows/1063/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/1063/"
},
{
"name" : "http://www.opera.com/support/kb/view/971/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/support/kb/view/971/"
},
{
"name" : "oval:org.mitre.oval:def:12208",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12208"
},
{
"name" : "1024570",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024570"
},
{
"name" : "41740",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41740"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024570",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024570"
},
{
"name": "oval:org.mitre.oval:def:12208",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12208"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1063/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1063/"
},
{
"name": "http://www.opera.com/support/kb/view/971/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/kb/view/971/"
},
{
"name": "41740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41740"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1063/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1063/"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1063/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1063/"
}
]
}
}

32
2010/4xxx/CVE-2010-4289.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4289",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-4289",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}

32
2010/4xxx/CVE-2010-4317.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4317",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4317",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

158
2010/4xxx/CVE-2010-4648.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4648",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The orinoco_ioctl_set_auth function in drivers/net/wireless/orinoco/wext.c in the Linux kernel before 2.6.37 does not properly implement a TKIP protection mechanism, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading Wi-Fi frames."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110106 Re: CVE Request: kernel [Re: Security review of 2.6.32.28]",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/01/06/18"
},
{
"name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37",
"refsource" : "CONFIRM",
"url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0a54917c3fc295cb61f3fb52373c173fd3b69f48",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0a54917c3fc295cb61f3fb52373c173fd3b69f48"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=667907",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=667907"
},
{
"name" : "https://github.com/torvalds/linux/commit/0a54917c3fc295cb61f3fb52373c173fd3b69f48",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/0a54917c3fc295cb61f3fb52373c173fd3b69f48"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The orinoco_ioctl_set_auth function in drivers/net/wireless/orinoco/wext.c in the Linux kernel before 2.6.37 does not properly implement a TKIP protection mechanism, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading Wi-Fi frames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110106 Re: CVE Request: kernel [Re: Security review of 2.6.32.28]",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/06/18"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=667907",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=667907"
},
{
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37",
"refsource": "CONFIRM",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0a54917c3fc295cb61f3fb52373c173fd3b69f48",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0a54917c3fc295cb61f3fb52373c173fd3b69f48"
},
{
"name": "https://github.com/torvalds/linux/commit/0a54917c3fc295cb61f3fb52373c173fd3b69f48",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/0a54917c3fc295cb61f3fb52373c173fd3b69f48"
}
]
}
}

118
2010/4xxx/CVE-2010-4888.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4888",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
}
]
}
}

178
2014/0xxx/CVE-2014-0002.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0002",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc",
"refsource" : "CONFIRM",
"url" : "http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc"
},
{
"name" : "RHSA-2014:0371",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0371.html"
},
{
"name" : "RHSA-2014:0372",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0372.html"
},
{
"name" : "65901",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65901"
},
{
"name" : "57125",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57125"
},
{
"name" : "57716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57716"
},
{
"name" : "57719",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57719"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57125"
},
{
"name": "RHSA-2014:0371",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0371.html"
},
{
"name": "http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc",
"refsource": "CONFIRM",
"url": "http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc"
},
{
"name": "57719",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57719"
},
{
"name": "65901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65901"
},
{
"name": "57716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57716"
},
{
"name": "RHSA-2014:0372",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0372.html"
}
]
}
}

178
2014/0xxx/CVE-2014-0377.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via vectors related to SYS tables."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-0377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "SUSE-SU-2014:0130",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00007.html"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "64824",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64824"
},
{
"name" : "102081",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102081"
},
{
"name" : "1029607",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029607"
},
{
"name" : "56452",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56452"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via vectors related to SYS tables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102081",
"refsource": "OSVDB",
"url": "http://osvdb.org/102081"
},
{
"name": "1029607",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029607"
},
{
"name": "64824",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64824"
},
{
"name": "56452",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56452"
},
{
"name": "SUSE-SU-2014:0130",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00007.html"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
}
]
}
}

178
2014/0xxx/CVE-2014-0473.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0473",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-0473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.djangoproject.com/weblog/2014/apr/21/security/",
"refsource" : "CONFIRM",
"url" : "https://www.djangoproject.com/weblog/2014/apr/21/security/"
},
{
"name" : "DSA-2934",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2934"
},
{
"name" : "RHSA-2014:0456",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0456.html"
},
{
"name" : "RHSA-2014:0457",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0457.html"
},
{
"name" : "openSUSE-SU-2014:1132",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html"
},
{
"name" : "USN-2169-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2169-1"
},
{
"name" : "61281",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61281"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2169-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2169-1"
},
{
"name": "https://www.djangoproject.com/weblog/2014/apr/21/security/",
"refsource": "CONFIRM",
"url": "https://www.djangoproject.com/weblog/2014/apr/21/security/"
},
{
"name": "RHSA-2014:0457",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0457.html"
},
{
"name": "61281",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61281"
},
{
"name": "DSA-2934",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2934"
},
{
"name": "openSUSE-SU-2014:1132",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html"
},
{
"name": "RHSA-2014:0456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0456.html"
}
]
}
}

138
2014/10xxx/CVE-2014-10032.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-10032",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "30689",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/30689"
},
{
"name" : "102207",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/102207"
},
{
"name" : "taboadamacronews-newspopup-sql-injection(90459)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90459"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "taboadamacronews-newspopup-sql-injection(90459)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90459"
},
{
"name": "30689",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/30689"
},
{
"name": "102207",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/102207"
}
]
}
}

32
2014/4xxx/CVE-2014-4561.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4561",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4561",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2014/4xxx/CVE-2014-4851.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4851",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in msg.php in FoeCMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the r parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/127358/FoeCMS-XSS-SQL-Injection-Open-Redirect.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127358/FoeCMS-XSS-SQL-Injection-Open-Redirect.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in msg.php in FoeCMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the r parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127358/FoeCMS-XSS-SQL-Injection-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127358/FoeCMS-XSS-SQL-Injection-Open-Redirect.html"
}
]
}
}

178
2014/9xxx/CVE-2014-9033.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9033",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/11/25/12"
},
{
"name" : "http://core.trac.wordpress.org/changeset/30418",
"refsource" : "CONFIRM",
"url" : "http://core.trac.wordpress.org/changeset/30418"
},
{
"name" : "https://wordpress.org/news/2014/11/wordpress-4-0-1/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/news/2014/11/wordpress-4-0-1/"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0493.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0493.html"
},
{
"name" : "DSA-3085",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3085"
},
{
"name" : "MDVSA-2014:233",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233"
},
{
"name" : "1031243",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031243"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3085",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3085"
},
{
"name": "http://core.trac.wordpress.org/changeset/30418",
"refsource": "CONFIRM",
"url": "http://core.trac.wordpress.org/changeset/30418"
},
{
"name": "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/11/25/12"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0493.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0493.html"
},
{
"name": "1031243",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031243"
},
{
"name": "MDVSA-2014:233",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233"
},
{
"name": "https://wordpress.org/news/2014/11/wordpress-4-0-1/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/news/2014/11/wordpress-4-0-1/"
}
]
}
}

32
2014/9xxx/CVE-2014-9167.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9167",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-9167",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

32
2014/9xxx/CVE-2014-9383.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9383",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9383",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

248
2014/9xxx/CVE-2014-9636.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9636",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141102 unzip -t crasher",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q4/489"
},
{
"name" : "[oss-security] 20141103 Re: unzip -t crasher",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q4/496"
},
{
"name" : "[oss-security] 20141222 CVE Request: Info-ZIP unzip 6.0",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2015/q1/216"
},
{
"name" : "[oss-security] 20141222 Re: CVE Request: Info-ZIP unzip 6.0",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q4/1131"
},
{
"name" : "http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450",
"refsource" : "CONFIRM",
"url" : "http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name" : "DSA-3152",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3152"
},
{
"name" : "FEDORA-2015-1189",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html"
},
{
"name" : "FEDORA-2015-1267",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html"
},
{
"name" : "GLSA-201611-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201611-01"
},
{
"name" : "USN-2489-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2489-1"
},
{
"name" : "71825",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71825"
},
{
"name" : "62738",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62738"
},
{
"name" : "62751",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62751"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20141222 Re: CVE Request: Info-ZIP unzip 6.0",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/1131"
},
{
"name": "62738",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62738"
},
{
"name": "GLSA-201611-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-01"
},
{
"name": "FEDORA-2015-1267",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html"
},
{
"name": "62751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62751"
},
{
"name": "[oss-security] 20141222 CVE Request: Info-ZIP unzip 6.0",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q1/216"
},
{
"name": "71825",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71825"
},
{
"name": "USN-2489-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2489-1"
},
{
"name": "DSA-3152",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3152"
},
{
"name": "[oss-security] 20141102 unzip -t crasher",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/489"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "FEDORA-2015-1189",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html"
},
{
"name": "[oss-security] 20141103 Re: unzip -t crasher",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/496"
},
{
"name": "http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450",
"refsource": "CONFIRM",
"url": "http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450"
}
]
}
}

218
2014/9xxx/CVE-2014-9853.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9853",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343513",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343513"
},
{
"name" : "SUSE-SU-2016:1782",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html"
},
{
"name" : "SUSE-SU-2016:1783",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html"
},
{
"name" : "SUSE-SU-2016:1784",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"name" : "openSUSE-SU-2016:1724",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html"
},
{
"name" : "openSUSE-SU-2016:1748",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name" : "openSUSE-SU-2016:1833",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"name" : "openSUSE-SU-2016:2073",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html"
},
{
"name" : "openSUSE-SU-2016:3060",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html"
},
{
"name" : "USN-3131-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3131-1"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:2073",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html"
},
{
"name": "openSUSE-SU-2016:1833",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"name": "openSUSE-SU-2016:3060",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html"
},
{
"name": "openSUSE-SU-2016:1724",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html"
},
{
"name": "SUSE-SU-2016:1782",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "openSUSE-SU-2016:1748",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name": "SUSE-SU-2016:1784",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"name": "SUSE-SU-2016:1783",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343513",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343513"
},
{
"name": "USN-3131-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3131-1"
}
]
}
}

138
2014/9xxx/CVE-2014-9894.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9894",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\\0' character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28749708 and Qualcomm internal bug CR545736."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=83214431cd02674c70402b160b16b7427e28737f",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=83214431cd02674c70402b160b16b7427e28737f"
},
{
"name" : "92222",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92222"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\\0' character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28749708 and Qualcomm internal bug CR545736."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=83214431cd02674c70402b160b16b7427e28737f",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=83214431cd02674c70402b160b16b7427e28737f"
},
{
"name": "92222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92222"
}
]
}
}

238
2016/3xxx/CVE-2016-3142.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3142",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\\x05\\x06 signature at an invalid location."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2016-3142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.php.net/bug.php?id=71498",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=71498"
},
{
"name" : "https://git.php.net/?p=php-src.git;a=commit;h=a6fdc5bb27b20d889de0cd29318b3968aabb57bd",
"refsource" : "CONFIRM",
"url" : "https://git.php.net/?p=php-src.git;a=commit;h=a6fdc5bb27b20d889de0cd29318b3968aabb57bd"
},
{
"name" : "https://php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "https://php.net/ChangeLog-5.php"
},
{
"name" : "https://support.apple.com/HT206567",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT206567"
},
{
"name" : "APPLE-SA-2016-05-16-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html"
},
{
"name" : "RHSA-2016:2750",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name" : "SUSE-SU-2016:1145",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html"
},
{
"name" : "SUSE-SU-2016:1166",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html"
},
{
"name" : "openSUSE-SU-2016:1167",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html"
},
{
"name" : "openSUSE-SU-2016:1173",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html"
},
{
"name" : "USN-2952-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2952-1"
},
{
"name" : "USN-2952-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2952-2"
},
{
"name" : "1035255",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035255"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\\x05\\x06 signature at an invalid location."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2952-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2952-1"
},
{
"name": "https://support.apple.com/HT206567",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206567"
},
{
"name": "openSUSE-SU-2016:1173",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html"
},
{
"name": "RHSA-2016:2750",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name": "SUSE-SU-2016:1166",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html"
},
{
"name": "USN-2952-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2952-2"
},
{
"name": "APPLE-SA-2016-05-16-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html"
},
{
"name": "1035255",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035255"
},
{
"name": "https://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "https://php.net/ChangeLog-5.php"
},
{
"name": "openSUSE-SU-2016:1167",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html"
},
{
"name": "SUSE-SU-2016:1145",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html"
},
{
"name": "https://git.php.net/?p=php-src.git;a=commit;h=a6fdc5bb27b20d889de0cd29318b3968aabb57bd",
"refsource": "CONFIRM",
"url": "https://git.php.net/?p=php-src.git;a=commit;h=a6fdc5bb27b20d889de0cd29318b3968aabb57bd"
},
{
"name": "https://bugs.php.net/bug.php?id=71498",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=71498"
}
]
}
}

128
2016/3xxx/CVE-2016-3228.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3228",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authenticated users to execute arbitrary code via a crafted NetLogon request, aka \"Windows Netlogon Memory Corruption Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-076",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-076"
},
{
"name" : "1036103",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036103"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authenticated users to execute arbitrary code via a crafted NetLogon request, aka \"Windows Netlogon Memory Corruption Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036103",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036103"
},
{
"name": "MS16-076",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-076"
}
]
}
}

138
2016/3xxx/CVE-2016-3305.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3305",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka \"Windows Session Object Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-3306."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-111",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111"
},
{
"name" : "92812",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92812"
},
{
"name" : "1036802",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036802"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka \"Windows Session Object Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-3306."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-111",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111"
},
{
"name": "1036802",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036802"
},
{
"name": "92812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92812"
}
]
}
}

168
2016/3xxx/CVE-2016-3596.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3596",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, and CVE-2016-3595."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988009",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988009"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988718",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988718"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "91942",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91942"
},
{
"name" : "1036370",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036370"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, and CVE-2016-3595."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988009",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988009"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91942"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988718",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988718"
},
{
"name": "1036370",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036370"
}
]
}
}

118
2016/3xxx/CVE-2016-3799.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3799",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175025 and MediaTek internal bug ALPS02693738."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175025 and MediaTek internal bug ALPS02693738."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}

128
2016/3xxx/CVE-2016-3972.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3972",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160408 [CVE-2016-3972]DotCMS Directory traversal vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Apr/36"
},
{
"name" : "http://dotcms.com/security/SI-34",
"refsource" : "CONFIRM",
"url" : "http://dotcms.com/security/SI-34"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dotcms.com/security/SI-34",
"refsource": "CONFIRM",
"url": "http://dotcms.com/security/SI-34"
},
{
"name": "20160408 [CVE-2016-3972]DotCMS Directory traversal vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Apr/36"
}
]
}
}

248
2016/6xxx/CVE-2016-6480.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6480",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a \"double fetch\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160801 [CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/539074/30/0/threaded"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1362466",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1362466"
},
{
"name" : "RHSA-2016:2574",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name" : "RHSA-2016:2584",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name" : "RHSA-2017:0817",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0817.html"
},
{
"name" : "SUSE-SU-2016:2230",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00001.html"
},
{
"name" : "SUSE-SU-2016:2174",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html"
},
{
"name" : "SUSE-SU-2016:2175",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00049.html"
},
{
"name" : "SUSE-SU-2016:2177",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html"
},
{
"name" : "SUSE-SU-2016:2178",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html"
},
{
"name" : "SUSE-SU-2016:2179",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html"
},
{
"name" : "SUSE-SU-2016:2180",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html"
},
{
"name" : "SUSE-SU-2016:2181",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html"
},
{
"name" : "92214",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92214"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a \"double fetch\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1362466",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1362466"
},
{
"name": "20160801 [CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539074/30/0/threaded"
},
{
"name": "SUSE-SU-2016:2180",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html"
},
{
"name": "92214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92214"
},
{
"name": "SUSE-SU-2016:2174",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html"
},
{
"name": "SUSE-SU-2016:2230",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00001.html"
},
{
"name": "RHSA-2016:2584",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name": "RHSA-2016:2574",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "RHSA-2017:0817",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html"
},
{
"name": "SUSE-SU-2016:2181",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html"
},
{
"name": "SUSE-SU-2016:2178",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html"
},
{
"name": "SUSE-SU-2016:2175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00049.html"
},
{
"name": "SUSE-SU-2016:2177",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html"
},
{
"name": "SUSE-SU-2016:2179",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html"
}
]
}
}

160
2016/6xxx/CVE-2016-6549.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6549",
"STATE" : "PUBLIC",
"TITLE" : "Zizai Tech Nut allows for unauthenticated Bluetooth pairing"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Tech Nut",
"version" : {
"version_data" : [
{
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name" : "Zizai Technology"
}
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-306: Missing Authentication for Critical Function"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6549",
"STATE": "PUBLIC",
"TITLE": "Zizai Tech Nut allows for unauthenticated Bluetooth pairing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tech Nut",
"version": {
"version_data": [
{
"affected": "?",
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Zizai Technology"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name" : "VU#402847",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/402847"
},
{
"name" : "93877",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/93877"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93877",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/93877"
},
{
"name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name": "VU#402847",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/402847"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

128
2016/6xxx/CVE-2016-6730.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-6730",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30904789. References: NVIDIA N-CVE-2016-6730."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name" : "94140",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94140"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30904789. References: NVIDIA N-CVE-2016-6730."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94140"
},
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
}
]
}
}

32
2016/7xxx/CVE-2016-7064.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7064",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7064",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

138
2016/7xxx/CVE-2016-7596.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-7596",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207423",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207423"
},
{
"name" : "94903",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94903"
},
{
"name" : "1037469",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037469"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94903"
},
{
"name": "1037469",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"name": "https://support.apple.com/HT207423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207423"
}
]
}
}

138
2016/7xxx/CVE-2016-7629.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-7629",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"kext tools\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207423",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207423"
},
{
"name" : "94903",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94903"
},
{
"name" : "1037469",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037469"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"kext tools\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94903"
},
{
"name": "1037469",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"name": "https://support.apple.com/HT207423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207423"
}
]
}
}

148
2016/7xxx/CVE-2016-7831.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2016-7831",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sleipnir 4 Black Edition for Mac",
"version" : {
"version_data" : [
{
"version_value" : "4.5.3 and earlier"
}
]
}
},
{
"product_name" : "Sleipnir 4 for Mac",
"version" : {
"version_data" : [
{
"version_value" : "4.5.3 and earlier (Mac App Store)"
}
]
}
}
]
},
"vendor_name" : "Fenrir Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "User Interface (UI) Misrepresentation of Information"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sleipnir 4 Black Edition for Mac",
"version": {
"version_data": [
{
"version_value": "4.5.3 and earlier"
}
]
}
},
{
"product_name": "Sleipnir 4 for Mac",
"version": {
"version_data": [
{
"version_value": "4.5.3 and earlier (Mac App Store)"
}
]
}
}
]
},
"vendor_name": "Fenrir Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#28151745",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN28151745/index.html"
},
{
"name" : "94830",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94830"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Interface (UI) Misrepresentation of Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94830",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94830"
},
{
"name": "JVN#28151745",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN28151745/index.html"
}
]
}
}

128
2016/8xxx/CVE-2016-8369.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2016-8369",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Lynxspring JENEsys BAS Bridge 1.1.8 and older",
"version" : {
"version_data" : [
{
"version_value" : "Lynxspring JENEsys BAS Bridge 1.1.8 and older"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request (CROSS-SITE REQUEST FORGERY)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Lynxspring JENEsys BAS Bridge csrf"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-8369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lynxspring JENEsys BAS Bridge 1.1.8 and older",
"version": {
"version_data": [
{
"version_value": "Lynxspring JENEsys BAS Bridge 1.1.8 and older"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01"
},
{
"name" : "94344",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94344"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request (CROSS-SITE REQUEST FORGERY)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Lynxspring JENEsys BAS Bridge csrf"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94344"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01"
}
]
}
}

200
2016/8xxx/CVE-2016-8921.json
View File

@ -1,103 +1,103 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-8921",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FileNet Content Manager",
"version" : {
"version_data" : [
{
"version_value" : "4.0"
},
{
"version_value" : "4.0.1"
},
{
"version_value" : "4.5.0"
},
{
"version_value" : "4.5.1"
},
{
"version_value" : "5.0"
},
{
"version_value" : "5.1"
},
{
"version_value" : "5.2.0"
},
{
"version_value" : "5.2.0.1"
},
{
"version_value" : "5.1.0"
},
{
"version_value" : "5.2"
},
{
"version_value" : "4.0.2"
},
{
"version_value" : "1.1.5"
},
{
"version_value" : "5.2.1"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FileNet Content Manager",
"version": {
"version_data": [
{
"version_value": "4.0"
},
{
"version_value": "4.0.1"
},
{
"version_value": "4.5.0"
},
{
"version_value": "4.5.1"
},
{
"version_value": "5.0"
},
{
"version_value": "5.1"
},
{
"version_value": "5.2.0"
},
{
"version_value": "5.2.0.1"
},
{
"version_value": "5.1.0"
},
{
"version_value": "5.2"
},
{
"version_value": "4.0.2"
},
{
"version_value": "1.1.5"
},
{
"version_value": "5.2.1"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21994018",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21994018"
},
{
"name" : "94582",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94582"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21994018",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21994018"
},
{
"name": "94582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94582"
}
]
}
}