"-Synchronized-Data."

CVE Team 2019-03-17 21:36:29 +00:00
parent a3c870b300
commit 01f088c8ab
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 4273 additions and 4273 deletions


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0192",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060204 sql injection in ASP Survey",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423949/100/0/threaded"
},
{
"name" : "16496",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16496"
},
{
"name" : "ADV-2006-0164",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0164"
},
{
"name" : "22342",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22342"
},
{
"name" : "18422",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18422"
},
{
"name" : "414",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/414"
},
{
"name" : "aspsurvey-loginvalidate-sql-injection(24087)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24087"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060204 sql injection in ASP Survey",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423949/100/0/threaded"
},
{
"name": "ADV-2006-0164",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0164"
},
{
"name": "414",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/414"
},
{
"name": "aspsurvey-loginvalidate-sql-injection(24087)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24087"
},
{
"name": "18422",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18422"
},
{
"name": "16496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16496"
},
{
"name": "22342",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22342"
}
]
}
}
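Review bot: The `reference_data` array in this record is reordered as well as re-spaced, and the new order (BUGTRAQ, VUPEN, SREASON, XF, SECUNIA, BID, OSVDB) is not sorted by `refsource`, `name` or `url`, which suggests the generator's output order is not deterministic. Array order is significant in JSON, so consumers that hash or diff records will see a content change where the set of references is unchanged. Emitting the references sorted by a stable key such as `(refsource, name)` would keep future syncs down to real changes. The same reshuffling shows in the other records on this page, for example CVE-2006-0402 and CVE-2006-0705.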


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0402",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Zoph before 0.5pre1 allows remote attackers to execute arbitrary SQL commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=387320",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=387320"
},
{
"name" : "DSA-989",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-989"
},
{
"name" : "16347",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16347"
},
{
"name" : "ADV-2006-0297",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0297"
},
{
"name" : "22743",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22743"
},
{
"name" : "18563",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18563"
},
{
"name" : "19153",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19153"
},
{
"name" : "zoph-sql-injection(24264)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24264"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Zoph before 0.5pre1 allows remote attackers to execute arbitrary SQL commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22743",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22743"
},
{
"name": "18563",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18563"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=387320",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=387320"
},
{
"name": "19153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19153"
},
{
"name": "16347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16347"
},
{
"name": "ADV-2006-0297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0297"
},
{
"name": "zoph-sql-injection(24264)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24264"
},
{
"name": "DSA-989",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-989"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0562",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web script or HTML via the data parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060204 PluggedOut Blog SQL injection and XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423948/100/0/threaded"
},
{
"name" : "20060206 VERIFY Pluggedout Blog 1.9.9c problem.php XSS",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2006-February/000530.html"
},
{
"name" : "http://hamid.ir/security/pluggedoutblog.txt",
"refsource" : "MISC",
"url" : "http://hamid.ir/security/pluggedoutblog.txt"
},
{
"name" : "ADV-2006-0440",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0440"
},
{
"name" : "22927",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22927"
},
{
"name" : "1015586",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015586"
},
{
"name" : "18726",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18726"
},
{
"name" : "pluggedoutblog-problem-xss(24482)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24482"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web script or HTML via the data parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://hamid.ir/security/pluggedoutblog.txt",
"refsource": "MISC",
"url": "http://hamid.ir/security/pluggedoutblog.txt"
},
{
"name": "20060206 VERIFY Pluggedout Blog 1.9.9c problem.php XSS",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-February/000530.html"
},
{
"name": "ADV-2006-0440",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0440"
},
{
"name": "18726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18726"
},
{
"name": "pluggedoutblog-problem-xss(24482)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24482"
},
{
"name": "1015586",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015586"
},
{
"name": "20060204 PluggedOut Blog SQL injection and XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423948/100/0/threaded"
},
{
"name": "22927",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22927"
}
]
}
}


@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0705",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.wrq.com/techdocs/1882.html",
"refsource" : "CONFIRM",
"url" : "http://support.wrq.com/techdocs/1882.html"
},
{
"name" : "GLSA-200703-13",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200703-13.xml"
},
{
"name" : "HPSBTU02322",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=120654385125315&w=2"
},
{
"name" : "SSRT080011",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=120654385125315&w=2"
},
{
"name" : "VU#419241",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/419241"
},
{
"name" : "16625",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16625"
},
{
"name" : "16640",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16640"
},
{
"name" : "ADV-2006-0554",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0554"
},
{
"name" : "ADV-2006-0555",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0555"
},
{
"name" : "ADV-2008-1008",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1008/references"
},
{
"name" : "1015619",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015619"
},
{
"name" : "18828",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18828"
},
{
"name" : "18843",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18843"
},
{
"name" : "24516",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24516"
},
{
"name" : "29552",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29552"
},
{
"name" : "sftp-logging-format-string(24651)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24651"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015619",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015619"
},
{
"name": "http://support.wrq.com/techdocs/1882.html",
"refsource": "CONFIRM",
"url": "http://support.wrq.com/techdocs/1882.html"
},
{
"name": "24516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24516"
},
{
"name": "29552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29552"
},
{
"name": "sftp-logging-format-string(24651)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24651"
},
{
"name": "VU#419241",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/419241"
},
{
"name": "HPSBTU02322",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=120654385125315&w=2"
},
{
"name": "18828",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18828"
},
{
"name": "GLSA-200703-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200703-13.xml"
},
{
"name": "ADV-2006-0555",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0555"
},
{
"name": "ADV-2006-0554",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0554"
},
{
"name": "16625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16625"
},
{
"name": "ADV-2008-1008",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1008/references"
},
{
"name": "16640",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16640"
},
{
"name": "SSRT080011",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=120654385125315&w=2"
},
{
"name": "18843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18843"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0849",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0849",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3407",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Tor before 0.1.1.20 allows remote attackers to spoof log entries or possibly execute shell code via strings with non-printable characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tor.eff.org/cvs/tor/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://tor.eff.org/cvs/tor/ChangeLog"
},
{
"name" : "GLSA-200606-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200606-04.xml"
},
{
"name" : "19795",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19795"
},
{
"name" : "20277",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20277"
},
{
"name" : "20514",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20514"
},
{
"name" : "tor-log-spoofing(26793)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26793"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tor before 0.1.1.20 allows remote attackers to spoof log entries or possibly execute shell code via strings with non-printable characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19795"
},
{
"name": "20277",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20277"
},
{
"name": "20514",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20514"
},
{
"name": "GLSA-200606-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200606-04.xml"
},
{
"name": "http://tor.eff.org/cvs/tor/ChangeLog",
"refsource": "CONFIRM",
"url": "http://tor.eff.org/cvs/tor/ChangeLog"
},
{
"name": "tor-log-spoofing(26793)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26793"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3517",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in stats.php in RW::Download, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060708 RW::Download stats.php Remote File Inc.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439524/100/0/threaded"
},
{
"name" : "18901",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18901"
},
{
"name" : "1207",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1207"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in stats.php in RW::Download, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1207",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1207"
},
{
"name": "18901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18901"
},
{
"name": "20060708 RW::Download stats.php Remote File Inc.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439524/100/0/threaded"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3648",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly \"unloading chained exception.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS06-051",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-051"
},
{
"name" : "TA06-220A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name" : "VU#411516",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/411516"
},
{
"name" : "19384",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19384"
},
{
"name" : "ADV-2006-3216",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3216"
},
{
"name" : "oval:org.mitre.oval:def:841",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A841"
},
{
"name" : "1016661",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016661"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly \"unloading chained exception.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS06-051",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-051"
},
{
"name": "oval:org.mitre.oval:def:841",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A841"
},
{
"name": "ADV-2006-3216",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3216"
},
{
"name": "VU#411516",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/411516"
},
{
"name": "19384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19384"
},
{
"name": "TA06-220A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "1016661",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016661"
}
]
}
}
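Review bot: `ASSIGNER` for CVE-2006-3648 changes from `cve@mitre.org` to `secure@microsoft.com` in this section, the one value change among the records visible here; the other visible changes are key spacing and reference order. The assigning CNA is provenance metadata that downstream consumers may key on, and inside a 4273-line reformat it is easy to miss, so it would be better carried in its own commit or at least named in the commit message. The page also reports that no known key was found for the commit signature, so from what is shown here the change cannot be tied to a verified signer.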


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4209",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolute_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060810 WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/442983/100/0/threaded"
},
{
"name" : "http://www.bb-pcsecurity.de/Websecurity/311/org/WEBInsta_Mailing_list_manager_(cabsolute_path)_1.3e_RFI.htm",
"refsource" : "MISC",
"url" : "http://www.bb-pcsecurity.de/Websecurity/311/org/WEBInsta_Mailing_list_manager_(cabsolute_path)_1.3e_RFI.htm"
},
{
"name" : "2171",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2171"
},
{
"name" : "19477",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19477"
},
{
"name" : "1404",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1404"
},
{
"name" : "webinsta-install-file-include(28340)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28340"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolute_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19477",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19477"
},
{
"name": "1404",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1404"
},
{
"name": "http://www.bb-pcsecurity.de/Websecurity/311/org/WEBInsta_Mailing_list_manager_(cabsolute_path)_1.3e_RFI.htm",
"refsource": "MISC",
"url": "http://www.bb-pcsecurity.de/Websecurity/311/org/WEBInsta_Mailing_list_manager_(cabsolute_path)_1.3e_RFI.htm"
},
{
"name": "webinsta-install-file-include(28340)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28340"
},
{
"name": "2171",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2171"
},
{
"name": "20060810 WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442983/100/0/threaded"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4466",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Joomla!."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.joomla.org/content/view/1841/78/",
"refsource" : "CONFIRM",
"url" : "http://www.joomla.org/content/view/1841/78/"
},
{
"name" : "ADV-2006-3408",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3408"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Joomla!."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3408",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3408"
},
{
"name": "http://www.joomla.org/content/view/1841/78/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/1841/78/"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4843",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified \"code sequences\" that bypass the protection scheme."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070328 IBM Lotus Domino Web Access Cross Site Scripting Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=493"
},
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21257026",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21257026"
},
{
"name" : "23173",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23173"
},
{
"name" : "ADV-2007-1133",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1133"
},
{
"name" : "1017824",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017824"
},
{
"name" : "24633",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24633"
},
{
"name" : "domino-webaccess-contentfilter-xss(33280)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33280"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified \"code sequences\" that bypass the protection scheme."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "domino-webaccess-contentfilter-xss(33280)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33280"
},
{
"name": "20070328 IBM Lotus Domino Web Access Cross Site Scripting Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=493"
},
{
"name": "1017824",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017824"
},
{
"name": "23173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23173"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21257026",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257026"
},
{
"name": "24633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24633"
},
{
"name": "ADV-2007-1133",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1133"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4977",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/img_quiz folder via the (a) upload, (b) ok_update, (c) image, and (d) path parameters, possibly requiring directory traversal sequences in the path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060916 PHPQuiz Multiple Remote Vulnerabilites",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446315/100/0/threaded"
},
{
"name" : "2376",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2376"
},
{
"name" : "http://www.morx.org/phpquiz.txt",
"refsource" : "MISC",
"url" : "http://www.morx.org/phpquiz.txt"
},
{
"name" : "20065",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20065"
},
{
"name" : "ADV-2006-3693",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3693"
},
{
"name" : "22015",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22015"
},
{
"name" : "1627",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1627"
},
{
"name" : "phpquiz-uploadimg-file-upload(28995)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28995"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/img_quiz folder via the (a) upload, (b) ok_update, (c) image, and (d) path parameters, possibly requiring directory traversal sequences in the path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2376",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2376"
},
{
"name": "ADV-2006-3693",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3693"
},
{
"name": "http://www.morx.org/phpquiz.txt",
"refsource": "MISC",
"url": "http://www.morx.org/phpquiz.txt"
},
{
"name": "phpquiz-uploadimg-file-upload(28995)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28995"
},
{
"name": "1627",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1627"
},
{
"name": "22015",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22015"
},
{
"name": "20065",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20065"
},
{
"name": "20060916 PHPQuiz Multiple Remote Vulnerabilites",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446315/100/0/threaded"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7004",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.securityfocus.com/data/vulnerabilities/exploits/PSYAuction-0515-sql-html.txt",
"refsource" : "MISC",
"url" : "http://www.securityfocus.com/data/vulnerabilities/exploits/PSYAuction-0515-sql-html.txt"
},
{
"name" : "17974",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17974"
},
{
"name" : "36360",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/36360"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36360",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/36360"
},
{
"name": "17974",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17974"
},
{
"name": "http://www.securityfocus.com/data/vulnerabilities/exploits/PSYAuction-0515-sql-html.txt",
"refsource": "MISC",
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/PSYAuction-0515-sql-html.txt"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2092",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html",
"refsource" : "MISC",
"url" : "http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html"
},
{
"name" : "http://www.cacti.net/changelog.php",
"refsource" : "CONFIRM",
"url" : "http://www.cacti.net/changelog.php"
},
{
"name" : "DSA-2060",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2060"
},
{
"name" : "RHSA-2010:0635",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0635.html"
},
{
"name" : "41041",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41041"
},
{
"name" : "ADV-2010-2132",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2132"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cacti.net/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.cacti.net/changelog.php"
},
{
"name": "DSA-2060",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2060"
},
{
"name": "41041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41041"
},
{
"name": "RHSA-2010:0635",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0635.html"
},
{
"name": "ADV-2010-2132",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2132"
},
{
"name": "http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html",
"refsource": "MISC",
"url": "http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2237",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://libvirt.org/news.html",
"refsource" : "MISC",
"url" : "http://libvirt.org/news.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=607810",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=607810"
},
{
"name" : "FEDORA-2010-10960",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"name" : "FEDORA-2010-11021",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"name" : "SUSE-SR:2010:017",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name" : "USN-1008-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1008-1"
},
{
"name" : "USN-1008-2",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1008-2"
},
{
"name" : "USN-1008-3",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1008-3"
},
{
"name" : "ADV-2010-2763",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2010-10960",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"name": "USN-1008-2",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1008-2"
},
{
"name": "FEDORA-2010-11021",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"name": "http://libvirt.org/news.html",
"refsource": "MISC",
"url": "http://libvirt.org/news.html"
},
{
"name": "USN-1008-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1008-1"
},
{
"name": "SUSE-SR:2010:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "USN-1008-3",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1008-3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=607810",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607810"
},
{
"name": "ADV-2010-2763",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2763"
}
]
}
}
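Review bot: The only content change in this record appears to be `"ASSIGNER": "secalert@redhat.com"`, which replaces `"ASSIGNER" : "cve@mitre.org"` near the top of the section; every other line seems to differ only in the spacing around the colon or in the order of the `reference_data` entries. Anything that attributes or filters records by assigner will read this as a reassignment, so it deserves its own commit, or at least a mention in the commit message, rather than arriving inside a reformat. The same applies to the CVE-2010-2740 (`secure@microsoft.com`), CVE-2010-3304 (`secalert@redhat.com`) and CVE-2010-3546 (`secalert_us@oracle.com`) sections. The new `reference_data` order does not look sorted by any field; emitting it in a stable order, for example by `refsource` and then `name`, would keep later synchronisation diffs limited to real changes.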


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2740",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka \"OpenType Font Parsing Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-2740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/css/P8/documents/100113218",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100113218"
},
{
"name" : "MS10-078",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-078"
},
{
"name" : "TA10-285A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"name" : "oval:org.mitre.oval:def:7258",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7258"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka \"OpenType Font Parsing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS10-078",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-078"
},
{
"name": "http://support.avaya.com/css/P8/documents/100113218",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100113218"
},
{
"name": "oval:org.mitre.oval:def:7258",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7258"
},
{
"name": "TA10-285A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2754",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-47.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-47.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=568564",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=568564"
},
{
"name" : "oval:org.mitre.oval:def:11770",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11770"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-47.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-47.html"
},
{
"name": "oval:org.mitre.oval:def:11770",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11770"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=568564",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=568564"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3304",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[dovecot-news] 20100724 v1.2.13 released",
"refsource" : "MLIST",
"url" : "http://www.dovecot.org/list/dovecot-news/2010-July/000163.html"
},
{
"name" : "[oss-security] 20100916 CVE-identifier request for Dovecot ACL security bug",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/16/14"
},
{
"name" : "[oss-security] 20100916 Re: CVE-identifier request for Dovecot ACL security bug",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/16/17"
},
{
"name" : "MDVSA-2010:217",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:217"
},
{
"name" : "SUSE-SR:2010:017",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name" : "USN-1059-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1059-1"
},
{
"name" : "41964",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41964"
},
{
"name" : "43220",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43220"
},
{
"name" : "ADV-2010-2840",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2840"
},
{
"name" : "ADV-2011-0301",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0301"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[dovecot-news] 20100724 v1.2.13 released",
"refsource": "MLIST",
"url": "http://www.dovecot.org/list/dovecot-news/2010-July/000163.html"
},
{
"name": "[oss-security] 20100916 Re: CVE-identifier request for Dovecot ACL security bug",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/16/17"
},
{
"name": "USN-1059-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1059-1"
},
{
"name": "41964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41964"
},
{
"name": "[oss-security] 20100916 CVE-identifier request for Dovecot ACL security bug",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/16/14"
},
{
"name": "MDVSA-2010:217",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:217"
},
{
"name": "43220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43220"
},
{
"name": "ADV-2011-0301",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0301"
},
{
"name": "ADV-2010-2840",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2840"
},
{
"name": "SUSE-SR:2010:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3487",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1009-exploits/pinky10-traversal.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1009-exploits/pinky10-traversal.txt"
},
{
"name" : "http://www.johnleitch.net/Vulnerabilities/Pinky.1.0.Directory.Traversal/42",
"refsource" : "MISC",
"url" : "http://www.johnleitch.net/Vulnerabilities/Pinky.1.0.Directory.Traversal/42"
},
{
"name" : "68141",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/68141"
},
{
"name" : "41538",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41538"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68141",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/68141"
},
{
"name": "41538",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41538"
},
{
"name": "http://www.johnleitch.net/Vulnerabilities/Pinky.1.0.Directory.Traversal/42",
"refsource": "MISC",
"url": "http://www.johnleitch.net/Vulnerabilities/Pinky.1.0.Directory.Traversal/42"
},
{
"name": "http://packetstormsecurity.org/1009-exploits/pinky10-traversal.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1009-exploits/pinky10-traversal.txt"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3546",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Sun Java System Identity Manager component in Oracle Sun Products Suite 8.1 allows remote attackers to affect confidentiality and integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-3546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name" : "TA10-287A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Sun Java System Identity Manager component in Oracle Sun Products Suite 8.1 allows remote attackers to affect confidentiality and integrity via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0058",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-07.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-07.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=607160",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=607160"
},
{
"name" : "http://downloads.avaya.com/css/P8/documents/100133195",
"refsource" : "CONFIRM",
"url" : "http://downloads.avaya.com/css/P8/documents/100133195"
},
{
"name" : "MDVSA-2011:041",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:041"
},
{
"name" : "46660",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46660"
},
{
"name" : "oval:org.mitre.oval:def:14254",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14254"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.avaya.com/css/P8/documents/100133195",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100133195"
},
{
"name": "46660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46660"
},
{
"name": "oval:org.mitre.oval:def:14254",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14254"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=607160",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=607160"
},
{
"name": "MDVSA-2011:041",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:041"
},
{
"name": "http://www.mozilla.org/security/announce/2011/mfsa2011-07.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-07.html"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0254",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4808",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4808"
},
{
"name" : "http://support.apple.com/kb/HT4981",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4981"
},
{
"name" : "http://support.apple.com/kb/HT4999",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4999"
},
{
"name" : "APPLE-SA-2011-07-20-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
},
{
"name" : "APPLE-SA-2011-10-11-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name" : "APPLE-SA-2011-10-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4981",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4981"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "APPLE-SA-2011-10-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "http://support.apple.com/kb/HT4808",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4808"
},
{
"name": "APPLE-SA-2011-07-20-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0637",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a timer is unused before deallocating this timer, which might allow attackers to cause a denial of service (system crash) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "IZ92478",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ92478"
},
{
"name" : "45931",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45931"
},
{
"name" : "70519",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70519"
},
{
"name" : "42962",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42962"
},
{
"name" : "ADV-2011-0176",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0176"
},
{
"name" : "ibm-aix-fcscsi-dos(64817)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64817"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a timer is unused before deallocating this timer, which might allow attackers to cause a denial of service (system crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0176"
},
{
"name": "70519",
"refsource": "OSVDB",
"url": "http://osvdb.org/70519"
},
{
"name": "42962",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42962"
},
{
"name": "ibm-aix-fcscsi-dos(64817)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64817"
},
{
"name": "45931",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45931"
},
{
"name": "IZ92478",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ92478"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0946",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-0946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24117",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24117"
},
{
"name" : "20110928 Cisco IOS Software Network Address Translation Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24117",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24117"
},
{
"name": "20110928 Cisco IOS Software Network Address Translation Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml"
}
]
}
}


@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1024",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[openldap-announce] 20110212 OpenLDAP 2.4.24 available",
"refsource" : "MLIST",
"url" : "http://www.openldap.org/lists/openldap-announce/201102/msg00000.html"
},
{
"name" : "[openldap-technical] 20100429 ppolicy master/slave issue",
"refsource" : "MLIST",
"url" : "http://www.openldap.org/lists/openldap-technical/201004/msg00247.html"
},
{
"name" : "[oss-security] 20110224 CVE Request -- OpenLDAP -- two issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/02/24/12"
},
{
"name" : "[oss-security] 20110225 Re: CVE Request -- OpenLDAP -- two issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/02/25/13"
},
{
"name" : "http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ldap/chain.c.diff?r1=1.76&r2=1.77&hideattic=1&sortbydate=0",
"refsource" : "CONFIRM",
"url" : "http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ldap/chain.c.diff?r1=1.76&r2=1.77&hideattic=1&sortbydate=0"
},
{
"name" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6607",
"refsource" : "CONFIRM",
"url" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6607"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=674985",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=674985"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=680466",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=680466"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name" : "GLSA-201406-36",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-36.xml"
},
{
"name" : "MDVSA-2011:055",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:055"
},
{
"name" : "MDVSA-2011:056",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:056"
},
{
"name" : "RHSA-2011:0346",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0346.html"
},
{
"name" : "RHSA-2011:0347",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0347.html"
},
{
"name" : "USN-1100-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1100-1"
},
{
"name" : "1025188",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025188"
},
{
"name" : "43331",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43331"
},
{
"name" : "43708",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43708"
},
{
"name" : "43718",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43718"
},
{
"name" : "ADV-2011-0665",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0665"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201406-36",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-36.xml"
},
{
"name": "RHSA-2011:0346",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0346.html"
},
{
"name": "1025188",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025188"
},
{
"name": "43708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43708"
},
{
"name": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6607",
"refsource": "CONFIRM",
"url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6607"
},
{
"name": "[openldap-technical] 20100429 ppolicy master/slave issue",
"refsource": "MLIST",
"url": "http://www.openldap.org/lists/openldap-technical/201004/msg00247.html"
},
{
"name": "http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ldap/chain.c.diff?r1=1.76&r2=1.77&hideattic=1&sortbydate=0",
"refsource": "CONFIRM",
"url": "http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ldap/chain.c.diff?r1=1.76&r2=1.77&hideattic=1&sortbydate=0"
},
{
"name": "[openldap-announce] 20110212 OpenLDAP 2.4.24 available",
"refsource": "MLIST",
"url": "http://www.openldap.org/lists/openldap-announce/201102/msg00000.html"
},
{
"name": "MDVSA-2011:056",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:056"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=674985",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=674985"
},
{
"name": "[oss-security] 20110225 Re: CVE Request -- OpenLDAP -- two issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/02/25/13"
},
{
"name": "RHSA-2011:0347",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0347.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name": "MDVSA-2011:055",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:055"
},
{
"name": "43718",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43718"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=680466",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680466"
},
{
"name": "[oss-security] 20110224 CVE Request -- OpenLDAP -- two issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/02/24/12"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735"
},
{
"name": "USN-1100-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1100-1"
},
{
"name": "ADV-2011-0665",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0665"
},
{
"name": "43331",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43331"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1106",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server in IBM Lotus Sametime allows remote attackers to inject arbitrary web script or HTML via the authReasonCode parameter in an OpenDatabase action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110222 Re: Domino Sametime Multiple Reflected Cross-Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2011-02/0217.html"
},
{
"name" : "46481",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46481"
},
{
"name" : "43430",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43430"
},
{
"name" : "sametime-stcenter-xss(65555)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65555"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server in IBM Lotus Sametime allows remote attackers to inject arbitrary web script or HTML via the authReasonCode parameter in an OpenDatabase action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sametime-stcenter-xss(65555)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65555"
},
{
"name": "20110222 Re: Domino Sametime Multiple Reflected Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-02/0217.html"
},
{
"name": "46481",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46481"
},
{
"name": "43430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43430"
}
]
}
}


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1117",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to \"stale nodes.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=71386",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=71386"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html"
},
{
"name" : "http://support.apple.com/kb/HT4808",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4808"
},
{
"name" : "http://support.apple.com/kb/HT4981",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4981"
},
{
"name" : "http://support.apple.com/kb/HT4999",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4999"
},
{
"name" : "APPLE-SA-2011-07-20-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
},
{
"name" : "APPLE-SA-2011-10-11-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name" : "APPLE-SA-2011-10-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name" : "46614",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46614"
},
{
"name" : "oval:org.mitre.oval:def:14487",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14487"
},
{
"name" : "google-chrome-xhtml-dos(65735)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65735"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to \"stale nodes.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:14487",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14487"
},
{
"name": "http://support.apple.com/kb/HT4981",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4981"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=71386",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=71386"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "APPLE-SA-2011-10-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name": "46614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46614"
},
{
"name": "google-chrome-xhtml-dos(65735)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65735"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "http://support.apple.com/kb/HT4808",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4808"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html"
},
{
"name": "APPLE-SA-2011-07-20-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1646",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-1646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name" : "1025565",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025565"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name": "1025565",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025565"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1870",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka \"CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-056",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-056"
},
{
"name" : "TA11-193A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-193A.html"
},
{
"name" : "48605",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48605"
},
{
"name" : "73795",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/73795"
},
{
"name" : "oval:org.mitre.oval:def:12889",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12889"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka \"CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-193A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html"
},
{
"name": "48605",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48605"
},
{
"name": "oval:org.mitre.oval:def:12889",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12889"
},
{
"name": "MS11-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-056"
},
{
"name": "73795",
"refsource": "OSVDB",
"url": "http://osvdb.org/73795"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5140",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to (a) tags.php, (b) list.php, (c) index.php, (d) main_index.php, (e) viewpost.php, (f) archive.php, (g) control/approve_comments.php, (h) control/approve_posts.php, and (i) control/viewcat.php; and the (2) month and (3) year parameters to archive.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18288",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18288"
},
{
"name" : "78071",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/78071"
},
{
"name" : "78080",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/78080"
},
{
"name" : "78081",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/78081"
},
{
"name" : "78082",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/78082"
},
{
"name" : "78083",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/78083"
},
{
"name" : "47337",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47337"
},
{
"name" : "diycms-mod-sql-injection(72022)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72022"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to (a) tags.php, (b) list.php, (c) index.php, (d) main_index.php, (e) viewpost.php, (f) archive.php, (g) control/approve_comments.php, (h) control/approve_posts.php, and (i) control/viewcat.php; and the (2) month and (3) year parameters to archive.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "78081",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78081"
},
{
"name": "47337",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47337"
},
{
"name": "78083",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78083"
},
{
"name": "78071",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78071"
},
{
"name": "18288",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18288"
},
{
"name": "78080",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78080"
},
{
"name": "diycms-mod-sql-injection(72022)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72022"
},
{
"name": "78082",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78082"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3055",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677032",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"name" : "PI18909",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
},
{
"name" : "60499",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60499"
},
{
"name" : "ibm-wsputl-cve20143055-sqli(93529)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93529"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60499"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"name": "ibm-wsputl-cve20143055-sqli(93529)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93529"
},
{
"name": "PI18909",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
}
]
}
}
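Review bot: The `affects` block of CVE-2014-3055 still carries `"vendor_name": "n/a"` and `"product_name": "n/a"`, and `problemtype` is `"n/a"`, although the description names IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 and a SQL injection. Tooling that matches records on the structured fields rather than the free text will not associate this entry with the product, so the sync should either populate those fields or state that consumers must fall back to `description_data`. The only substantive change here appears to be `ASSIGNER` becoming `psirt@us.ibm.com` (the +/- column is lost on this page, so the side is inferred from the `": "` formatting). The same gap is visible in the other PUBLIC records on this page, including CVE-2014-3373, CVE-2014-7100, CVE-2014-7109 and CVE-2014-7807.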


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3373",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36294",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36294"
},
{
"name" : "20141030 Cisco Unified Communications Manager DNA Interface Reflected Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3373"
},
{
"name" : "70848",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70848"
},
{
"name" : "1031161",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031161"
},
{
"name" : "59692",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59692"
},
{
"name" : "cisco-ucm-cve20143373-xss(98406)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98406"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141030 Cisco Unified Communications Manager DNA Interface Reflected Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3373"
},
{
"name": "59692",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59692"
},
{
"name": "70848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70848"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36294",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36294"
},
{
"name": "1031161",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031161"
},
{
"name": "cisco-ucm-cve20143373-xss(98406)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98406"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3449",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3449",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3606",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3606",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3784",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3784",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3967",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140604 Re: Xen Security Advisory 96 - Vulnerabilities in HVM MSI injection",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/06/04/13"
},
{
"name" : "http://xenbits.xen.org/xsa/advisory-96.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-96.html"
},
{
"name" : "FEDORA-2014-7408",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134739.html"
},
{
"name" : "FEDORA-2014-7423",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html"
},
{
"name" : "GLSA-201504-04",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-04"
},
{
"name" : "openSUSE-SU-2014:1279",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
},
{
"name" : "openSUSE-SU-2014:1281",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"
},
{
"name" : "67794",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67794"
},
{
"name" : "1030322",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030322"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201504-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-04"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-96.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-96.html"
},
{
"name": "openSUSE-SU-2014:1281",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"
},
{
"name": "openSUSE-SU-2014:1279",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
},
{
"name": "FEDORA-2014-7423",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html"
},
{
"name": "FEDORA-2014-7408",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134739.html"
},
{
"name": "1030322",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030322"
},
{
"name": "67794",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67794"
},
{
"name": "[oss-security] 20140604 Re: Xen Security Advisory 96 - Vulnerabilities in HVM MSI injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/04/13"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6253",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to hijack the authentication of arbitrary users, aka ZEN-12653."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing",
"refsource" : "CONFIRM",
"url" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"
},
{
"name" : "VU#449452",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/449452"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to hijack the authentication of arbitrary users, aka ZEN-12653."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#449452",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/449452"
},
{
"name": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing",
"refsource": "CONFIRM",
"url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"
}
]
}
}
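Review bot: The `CONFIRM` reference for CVE-2014-6253 is a `docs.google.com/spreadsheets/...?usp=sharing` link, while the CVE-2014-7100 and CVE-2014-7109 records on this page label the same kind of link `MISC`. Consumers commonly read `CONFIRM` as vendor acknowledgement, and a shared spreadsheet can change or disappear after the record is published; whether this sheet is vendor-controlled cannot be told from the record. It would help to keep `CONFIRM` for a reference on a vendor-controlled location, or to pair it with an archived copy. The sync keeps the label as it was and only reorders the two entries.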


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7100",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The www.sm3ny.com (aka sm3ny.com) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#853273",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/853273"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The www.sm3ny.com (aka sm3ny.com) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#853273",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/853273"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7109",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Nesvarnik (aka cz.dtest.nesvarnik) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#483497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/483497"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Nesvarnik (aka cz.dtest.nesvarnik) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#483497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/483497"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7160",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7160",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7807",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-7807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141208 [CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534176/100/0/threaded"
},
{
"name" : "http://support.citrix.com/article/CTX200285",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX200285"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.citrix.com/article/CTX200285",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX200285"
},
{
"name": "20141208 [CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534176/100/0/threaded"
}
]
}
}


@ -1,197 +1,197 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8500",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html",
"refsource" : "MISC",
"url" : "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html"
},
{
"name" : "https://kb.isc.org/article/AA-01216/",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/article/AA-01216/"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0524.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0524.html"
},
{
"name" : "https://support.apple.com/HT205219",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205219"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10676",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10676"
},
{
"name" : "APPLE-SA-2015-09-16-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
},
{
"name" : "DSA-3094",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3094"
},
{
"name" : "GLSA-201502-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-03.xml"
},
{
"name" : "HPSBUX03235",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142180687100892&w=2"
},
{
"name" : "SSRT101750",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142180687100892&w=2"
},
{
"name" : "HPSBUX03400",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144000632319155&w=2"
},
{
"name" : "SSRT102211",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144000632319155&w=2"
},
{
"name" : "MDVSA-2015:165",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:165"
},
{
"name" : "NetBSD-SA2015-002",
"refsource" : "NETBSD",
"url" : "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-002.txt.asc"
},
{
"name" : "RHSA-2016:0078",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0078.html"
},
{
"name" : "SUSE-SU-2015:0011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00001.html"
},
{
"name" : "SUSE-SU-2015:0096",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00017.html"
},
{
"name" : "SUSE-SU-2015:0480",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00009.html"
},
{
"name" : "SUSE-SU-2015:0488",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00013.html"
},
{
"name" : "openSUSE-SU-2015:1250",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html"
},
{
"name" : "USN-2437-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-2437-1"
},
{
"name" : "VU#264212",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/264212"
},
{
"name" : "71590",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71590"
},
{
"name" : "1031311",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1031311"
},
{
"name" : "62122",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62122"
},
{
"name" : "62064",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62064"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "HPSBUX03235",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142180687100892&w=2"
},
{
"name": "GLSA-201502-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-03.xml"
},
{
"name": "62122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62122"
},
{
"name": "NetBSD-SA2015-002",
"refsource": "NETBSD",
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-002.txt.asc"
},
{
"name": "https://kb.isc.org/article/AA-01216/",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-01216/"
},
{
"name": "MDVSA-2015:165",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:165"
},
{
"name": "openSUSE-SU-2015:1250",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html"
},
{
"name": "SUSE-SU-2015:0480",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00009.html"
},
{
"name": "62064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62064"
},
{
"name": "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html",
"refsource": "MISC",
"url": "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10676",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10676"
},
{
"name": "DSA-3094",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3094"
},
{
"name": "1031311",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1031311"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0524.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0524.html"
},
{
"name": "SUSE-SU-2015:0488",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00013.html"
},
{
"name": "VU#264212",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/264212"
},
{
"name": "71590",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71590"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "SUSE-SU-2015:0096",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00017.html"
},
{
"name": "SUSE-SU-2015:0011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00001.html"
},
{
"name": "USN-2437-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2437-1"
},
{
"name": "HPSBUX03400",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144000632319155&w=2"
},
{
"name": "APPLE-SA-2015-09-16-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
},
{
"name": "RHSA-2016:0078",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0078.html"
},
{
"name": "https://support.apple.com/HT205219",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205219"
},
{
"name": "SSRT101750",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142180687100892&w=2"
},
{
"name": "SSRT102211",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144000632319155&w=2"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8651",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141104 Privilege Escalation via KDE Clock KCM polkit helper",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/11/04/9"
},
{
"name" : "[oss-security] 20141106 Re: Privilege Escalation via KDE Clock KCM polkit helper",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/11/07/3"
},
{
"name" : "https://www.kde.org/info/security/advisory-20141106-1.txt",
"refsource" : "CONFIRM",
"url" : "https://www.kde.org/info/security/advisory-20141106-1.txt"
},
{
"name" : "FEDORA-2014-14813",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/143781.html"
},
{
"name" : "FEDORA-2014-14865",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144093.html"
},
{
"name" : "FEDORA-2014-14895",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144034.html"
},
{
"name" : "GLSA-201512-12",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201512-12"
},
{
"name" : "USN-2402-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2402-1"
},
{
"name" : "70904",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70904"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2014-14813",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/143781.html"
},
{
"name": "[oss-security] 20141104 Privilege Escalation via KDE Clock KCM polkit helper",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/04/9"
},
{
"name": "GLSA-201512-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201512-12"
},
{
"name": "https://www.kde.org/info/security/advisory-20141106-1.txt",
"refsource": "CONFIRM",
"url": "https://www.kde.org/info/security/advisory-20141106-1.txt"
},
{
"name": "USN-2402-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2402-1"
},
{
"name": "FEDORA-2014-14895",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144034.html"
},
{
"name": "[oss-security] 20141106 Re: Privilege Escalation via KDE Clock KCM polkit helper",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/07/3"
},
{
"name": "FEDORA-2014-14865",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144093.html"
},
{
"name": "70904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70904"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8815",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8815",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2389",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "39837",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39837/"
},
{
"name" : "20160517 [ERPSCAN-16-009] SAP xMII - directory traversal vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/May/40"
},
{
"name" : "https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/",
"refsource" : "MISC",
"url" : "https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/"
},
{
"name" : "https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/",
"refsource" : "MISC",
"url" : "https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/"
},
{
"name" : "http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160517 [ERPSCAN-16-009] SAP xMII - directory traversal vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/May/40"
},
{
"name": "http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html"
},
{
"name": "https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/",
"refsource": "MISC",
"url": "https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/"
},
{
"name": "https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/"
},
{
"name": "39837",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39837/"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2989",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21986393",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21986393"
},
{
"name" : "92344",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92344"
},
{
"name" : "1036498",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036498"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92344"
},
{
"name": "1036498",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036498"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21986393",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986393"
}
]
}
}
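Review bot: The new side of this record sets `"ASSIGNER": "psirt@us.ibm.com"` but still leaves `vendor_name`, `product_name` and `version_value` at `"n/a"`, although the description names the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal. A consumer that matches records to its inventory through the `affects` block will not find this entry and has to fall back to parsing the free-text description. Since the assigner is being corrected anyway, the structured fields could carry what the description already states, for example `"vendor_name": "IBM Corporation"` as the CVE-2016-6030 record in this commit does. The same applies to `problemtype`, which stays `"n/a"` while the description calls the issue an open redirect.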


@ -1,115 +1,115 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-6030",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational Collaborative Lifecycle Management",
"version" : {
"version_data" : [
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.1.6"
},
{
"version_value" : "4.0.1"
},
{
"version_value" : "4.0.2"
},
{
"version_value" : "4.0.3"
},
{
"version_value" : "4.0.4"
},
{
"version_value" : "4.0.5"
},
{
"version_value" : "4.0.6"
},
{
"version_value" : "5.0"
},
{
"version_value" : "4.0.7"
},
{
"version_value" : "5.0.1"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "3.0.1"
},
{
"version_value": "4.0"
},
{
"version_value": "3.0.1.6"
},
{
"version_value": "4.0.1"
},
{
"version_value": "4.0.2"
},
{
"version_value": "4.0.3"
},
{
"version_value": "4.0.4"
},
{
"version_value": "4.0.5"
},
{
"version_value": "4.0.6"
},
{
"version_value": "5.0"
},
{
"version_value": "4.0.7"
},
{
"version_value": "5.0.1"
},
{
"version_value": "5.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=swg21996097",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=swg21996097"
},
{
"name" : "95110",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95110"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95110",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95110"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg21996097",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6052",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6052",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-6737",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
},
{
"version_value" : "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30928456."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
},
{
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name" : "94202",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94202"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30928456."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94202"
},
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6823",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160926 CVE-2016-6823 - ImageMagick BMP Coder Out-Of-Bounds Write Vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/26/3"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834504",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834504"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323"
},
{
"name" : "93158",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93158"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834504",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834504"
},
{
"name": "93158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93158"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323"
},
{
"name": "[oss-security] 20160926 CVE-2016-6823 - ImageMagick BMP Coder Out-Of-Bounds Write Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/26/3"
}
]
}
}


@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-03-05T00:00:00",
"ID" : "CVE-2017-18053",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for fix_param->vdev_id in wma_p2p_lo_event_handler(), which is received from firmware, leads to potential out of bounds memory read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-03-05T00:00:00",
"ID": "CVE-2017-18053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=da1c6e996ac7635c202296e31118f088f9427947",
"refsource" : "MISC",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=da1c6e996ac7635c202296e31118f088f9427947"
},
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-03-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-03-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for fix_param->vdev_id in wma_p2p_lo_event_handler(), which is received from firmware, leads to potential out of bounds memory read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=da1c6e996ac7635c202296e31118f088f9427947",
"refsource": "MISC",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=da1c6e996ac7635c202296e31118f088f9427947"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-03-01"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5010",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "insufficient policy enforcement"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
},
{
"name" : "https://crbug.com/663476",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/663476"
},
{
"name" : "DSA-3776",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3776"
},
{
"name" : "GLSA-201701-66",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-66"
},
{
"name" : "RHSA-2017:0206",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0206.html"
},
{
"name" : "95792",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95792"
},
{
"name" : "1037718",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037718"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95792",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95792"
},
{
"name": "https://crbug.com/663476",
"refsource": "CONFIRM",
"url": "https://crbug.com/663476"
},
{
"name": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
},
{
"name": "GLSA-201701-66",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-66"
},
{
"name": "RHSA-2017:0206",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0206.html"
},
{
"name": "1037718",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037718"
},
{
"name": "DSA-3776",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3776"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5135",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://stringbleed.github.io/",
"refsource" : "MISC",
"url" : "https://stringbleed.github.io/"
},
{
"name" : "https://www.reddit.com/r/netsec/comments/67qt6u/cve_20175135_snmp_authentication_bypass/",
"refsource" : "MISC",
"url" : "https://www.reddit.com/r/netsec/comments/67qt6u/cve_20175135_snmp_authentication_bypass/"
},
{
"name" : "98092",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98092"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://stringbleed.github.io/",
"refsource": "MISC",
"url": "https://stringbleed.github.io/"
},
{
"name": "98092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98092"
},
{
"name": "https://www.reddit.com/r/netsec/comments/67qt6u/cve_20175135_snmp_authentication_bypass/",
"refsource": "MISC",
"url": "https://www.reddit.com/r/netsec/comments/67qt6u/cve_20175135_snmp_authentication_bypass/"
}
]
}
}


@ -1,94 +1,94 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5419",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52"
}
]
}
},
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Repeated authentication prompts lead to DOS attack"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1312243",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1312243"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-09/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-09/"
},
{
"name" : "96692",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96692"
},
{
"name" : "1037966",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037966"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Repeated authentication prompts lead to DOS attack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-09/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-09/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312243",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312243"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-05/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-05/"
},
{
"name": "1037966",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037966"
},
{
"name": "96692",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96692"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5914",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f",
"refsource" : "MISC",
"url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f",
"refsource": "MISC",
"url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
}
]
}
}