"-Synchronized-Data."

CVE Team 2019-03-18 04:20:25 +00:00
parent af64c43caa
commit 0308f29e4b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 4080 additions and 4080 deletions


@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0002",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-0002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060110 Microsoft Outlook Critical Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/421520/100/0/threaded"
},
{
"name" : "20060110 Microsoft Exchange Critical Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/421518/100/0/threaded"
},
{
"name" : "MS06-003",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-003"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm"
},
{
"name" : "TA06-010A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-010A.html"
},
{
"name" : "VU#252146",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/252146"
},
{
"name" : "16197",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16197"
},
{
"name" : "ADV-2006-0119",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0119"
},
{
"name" : "oval:org.mitre.oval:def:1082",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1082"
},
{
"name" : "oval:org.mitre.oval:def:1165",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1165"
},
{
"name" : "oval:org.mitre.oval:def:1316",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1316"
},
{
"name" : "oval:org.mitre.oval:def:1456",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1456"
},
{
"name" : "oval:org.mitre.oval:def:1485",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1485"
},
{
"name" : "oval:org.mitre.oval:def:624",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A624"
},
{
"name" : "1015461",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015461"
},
{
"name" : "1015460",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015460"
},
{
"name" : "18368",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18368"
},
{
"name" : "330",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/330"
},
{
"name" : "331",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/331"
},
{
"name" : "win-tnef-overflow(22878)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22878"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:1082",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1082"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm"
},
{
"name": "oval:org.mitre.oval:def:1165",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1165"
},
{
"name": "1015460",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015460"
},
{
"name": "20060110 Microsoft Outlook Critical Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421520/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:624",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A624"
},
{
"name": "win-tnef-overflow(22878)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22878"
},
{
"name": "331",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/331"
},
{
"name": "oval:org.mitre.oval:def:1485",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1485"
},
{
"name": "oval:org.mitre.oval:def:1316",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1316"
},
{
"name": "ADV-2006-0119",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0119"
},
{
"name": "MS06-003",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-003"
},
{
"name": "oval:org.mitre.oval:def:1456",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1456"
},
{
"name": "330",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/330"
},
{
"name": "16197",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16197"
},
{
"name": "20060110 Microsoft Exchange Critical Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421518/100/0/threaded"
},
{
"name": "18368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18368"
},
{
"name": "VU#252146",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/252146"
},
{
"name": "TA06-010A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-010A.html"
},
{
"name": "1015461",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015461"
}
]
}
}
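Review bot: The one semantic change in this file section, `"ASSIGNER"` moving from `cve@mitre.org` to `secure@microsoft.com`, is buried in a whitespace rewrite (`"ID" : ` to `"ID": `) and a reshuffle of `reference_data` whose new order follows no sort key I can see. The CVE-2006-0049 section has the same shape, with the assigner becoming `security@debian.org`. Anyone auditing who claims ownership of a record has to find those two lines among the 4080 additions and 4080 deletions in the diffstat, so the formatting pass and the assigner updates would be easier to verify as separate commits. It would also help if the generator emitted `reference_data` in a stable order, for example sorted by `refsource` and then `name`, so later syncs diff only the entries that changed. The generator is not shown on this page, so the ordering remark is inferred from the visible entries only.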


@ -1,212 +1,212 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0049",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-0049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060309 GnuPG does not detect injection of unsigned data",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
},
{
"name" : "[gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data",
"refsource" : "MLIST",
"url" : "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"name" : "DSA-993",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-993"
},
{
"name" : "FEDORA-2006-147",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"name" : "FLSA-2006:185355",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name" : "GLSA-200603-08",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"name" : "MDKSA-2006:055",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"name" : "RHSA-2006:0266",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name" : "20060401-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name" : "SSA:2006-072-02",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477"
},
{
"name" : "SUSE-SA:2006:014",
"refsource" : "SUSE",
"url" : "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"name" : "2006-0014",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2006/0014"
},
{
"name" : "USN-264-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/264-1/"
},
{
"name" : "17058",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17058"
},
{
"name" : "oval:org.mitre.oval:def:10063",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"name" : "ADV-2006-0915",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0915"
},
{
"name" : "23790",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23790"
},
{
"name" : "1015749",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015749"
},
{
"name" : "19173",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19173"
},
{
"name" : "19203",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19203"
},
{
"name" : "19244",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19244"
},
{
"name" : "19231",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19231"
},
{
"name" : "19249",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19249"
},
{
"name" : "19287",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19287"
},
{
"name" : "19197",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19197"
},
{
"name" : "19232",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19232"
},
{
"name" : "19234",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19234"
},
{
"name" : "19532",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19532"
},
{
"name" : "450",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/450"
},
{
"name" : "568",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/568"
},
{
"name" : "gnupg-nondetached-sig-verification(25184)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-264-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/264-1/"
},
{
"name": "19249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19249"
},
{
"name": "ADV-2006-0915",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0915"
},
{
"name": "RHSA-2006:0266",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html"
},
{
"name": "20060401-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "[gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data",
"refsource": "MLIST",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html"
},
{
"name": "450",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/450"
},
{
"name": "19232",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19232"
},
{
"name": "23790",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23790"
},
{
"name": "SSA:2006-072-02",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477"
},
{
"name": "19173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19173"
},
{
"name": "FLSA-2006:185355",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded"
},
{
"name": "17058",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17058"
},
{
"name": "568",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/568"
},
{
"name": "oval:org.mitre.oval:def:10063",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063"
},
{
"name": "19287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19287"
},
{
"name": "2006-0014",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0014"
},
{
"name": "1015749",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015749"
},
{
"name": "19532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19532"
},
{
"name": "SUSE-SA:2006:014",
"refsource": "SUSE",
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html"
},
{
"name": "GLSA-200603-08",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml"
},
{
"name": "gnupg-nondetached-sig-verification(25184)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184"
},
{
"name": "19234",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19234"
},
{
"name": "FEDORA-2006-147",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html"
},
{
"name": "19197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19197"
},
{
"name": "19244",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19244"
},
{
"name": "19203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19203"
},
{
"name": "MDKSA-2006:055",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055"
},
{
"name": "20060309 GnuPG does not detect injection of unsigned data",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded"
},
{
"name": "19231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19231"
},
{
"name": "DSA-993",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-993"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0316",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://news.com.com/2061-10789_3-6027865.html?part=rss&tag=6027865&subj=news",
"refsource" : "MISC",
"url" : "http://news.com.com/2061-10789_3-6027865.html?part=rss&tag=6027865&subj=news"
},
{
"name" : "http://www.kb.cert.org/vuls/id/MIMG-6KRSQP",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/MIMG-6KRSQP"
},
{
"name" : "VU#715730",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/715730"
},
{
"name" : "16262",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16262"
},
{
"name" : "ADV-2006-0221",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0221"
},
{
"name" : "22486",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22486"
},
{
"name" : "1015494",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015494"
},
{
"name" : "18521",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18521"
},
{
"name" : "aol-youvegotpictures-activex-bo(24160)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24160"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0221",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0221"
},
{
"name": "22486",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22486"
},
{
"name": "http://www.kb.cert.org/vuls/id/MIMG-6KRSQP",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MIMG-6KRSQP"
},
{
"name": "18521",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18521"
},
{
"name": "http://news.com.com/2061-10789_3-6027865.html?part=rss&tag=6027865&subj=news",
"refsource": "MISC",
"url": "http://news.com.com/2061-10789_3-6027865.html?part=rss&tag=6027865&subj=news"
},
{
"name": "16262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16262"
},
{
"name": "aol-youvegotpictures-activex-bo(24160)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24160"
},
{
"name": "1015494",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015494"
},
{
"name": "VU#715730",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/715730"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3063",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text parameters in (a) index.php, the (7) comment, (8) email, (9) homepage, (10) number, (11) name, and (12) text parameters in (b) admin/guestbook.php, and the (13) email, (14) homepage, (15) icq, (16) name, and (17) text parameters in (c) admin/edit.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.networkarea.ch/forum/topic.php?id=4&s=9106beea248ecd1a552439168ada227e",
"refsource" : "CONFIRM",
"url" : "http://www.networkarea.ch/forum/topic.php?id=4&s=9106beea248ecd1a552439168ada227e"
},
{
"name" : "18582",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18582"
},
{
"name" : "ADV-2006-2480",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2480"
},
{
"name" : "20764",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20764"
},
{
"name" : "myphp-guestbook-multiple-scripts-xss(27293)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27293"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text parameters in (a) index.php, the (7) comment, (8) email, (9) homepage, (10) number, (11) name, and (12) text parameters in (b) admin/guestbook.php, and the (13) email, (14) homepage, (15) icq, (16) name, and (17) text parameters in (c) admin/edit.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.networkarea.ch/forum/topic.php?id=4&s=9106beea248ecd1a552439168ada227e",
"refsource": "CONFIRM",
"url": "http://www.networkarea.ch/forum/topic.php?id=4&s=9106beea248ecd1a552439168ada227e"
},
{
"name": "20764",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20764"
},
{
"name": "18582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18582"
},
{
"name": "myphp-guestbook-multiple-scripts-xss(27293)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27293"
},
{
"name": "ADV-2006-2480",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2480"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3379",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://hikiwiki.org/en/advisory20060703.html",
"refsource" : "CONFIRM",
"url" : "http://hikiwiki.org/en/advisory20060703.html"
},
{
"name" : "DSA-1119",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1119"
},
{
"name" : "JVN#98836916",
"refsource" : "JVN",
"url" : "http://jvn.jp/jp/JVN%2398836916/index.html"
},
{
"name" : "18785",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18785"
},
{
"name" : "ADV-2006-2643",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2643"
},
{
"name" : "26970",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26970"
},
{
"name" : "20741",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20741"
},
{
"name" : "21150",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21150"
},
{
"name" : "hiki-diff-dos(27507)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27507"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18785"
},
{
"name": "26970",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26970"
},
{
"name": "21150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21150"
},
{
"name": "DSA-1119",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1119"
},
{
"name": "ADV-2006-2643",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2643"
},
{
"name": "JVN#98836916",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2398836916/index.html"
},
{
"name": "http://hikiwiki.org/en/advisory20060703.html",
"refsource": "CONFIRM",
"url": "http://hikiwiki.org/en/advisory20060703.html"
},
{
"name": "20741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20741"
},
{
"name": "hiki-diff-dos(27507)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27507"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3731",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service (crash) via a form with a multipart/form-data encoding and a user-uploaded file. NOTE: a third party has claimed that this issue might be related to the LiveHTTPHeaders extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060711 crashing firefox <= 1.5.0.4",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440119/100/100/threaded"
},
{
"name" : "20060715 Re: crashing firefox <= 1.5.0.4",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440506/100/0/threaded"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service (crash) via a form with a multipart/form-data encoding and a user-uploaded file. NOTE: a third party has claimed that this issue might be related to the LiveHTTPHeaders extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060711 crashing firefox <= 1.5.0.4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440119/100/100/threaded"
},
{
"name": "20060715 Re: crashing firefox <= 1.5.0.4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440506/100/0/threaded"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3980",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060728 Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441533/100/0/threaded"
},
{
"name" : "2084",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2084"
},
{
"name" : "19224",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19224"
},
{
"name" : "ADV-2006-3054",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3054"
},
{
"name" : "27650",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27650"
},
{
"name" : "21268",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21268"
},
{
"name" : "1322",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1322"
},
{
"name" : "mgm-helpmgm-file-include(28072)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28072"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27650",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27650"
},
{
"name": "19224",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19224"
},
{
"name": "2084",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2084"
},
{
"name": "mgm-helpmgm-file-include(28072)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28072"
},
{
"name": "1322",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1322"
},
{
"name": "ADV-2006-3054",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3054"
},
{
"name": "20060728 Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441533/100/0/threaded"
},
{
"name": "21268",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21268"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4366",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.securityfocus.com/data/vulnerabilities/exploits/19658-rfi.html",
"refsource" : "MISC",
"url" : "http://www.securityfocus.com/data/vulnerabilities/exploits/19658-rfi.html"
},
{
"name" : "19658",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19658"
},
{
"name" : "30311",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30311"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19658"
},
{
"name": "http://www.securityfocus.com/data/vulnerabilities/exploits/19658-rfi.html",
"refsource": "MISC",
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/19658-rfi.html"
},
{
"name": "30311",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30311"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4626",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and directory names whose concatenation triggers the overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.hustlelabs.com/advisories/04072006_alwil.pdf",
"refsource" : "MISC",
"url" : "http://www.hustlelabs.com/advisories/04072006_alwil.pdf"
},
{
"name" : "19903",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19903"
},
{
"name" : "ADV-2006-3515",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3515"
},
{
"name" : "21794",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21794"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and directory names whose concatenation triggers the overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hustlelabs.com/advisories/04072006_alwil.pdf",
"refsource": "MISC",
"url": "http://www.hustlelabs.com/advisories/04072006_alwil.pdf"
},
{
"name": "19903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19903"
},
{
"name": "ADV-2006-3515",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3515"
},
{
"name": "21794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21794"
}
]
}
}


@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6737",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to \"access data in other applets,\" aka \"The first issue.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html"
},
{
"name" : "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html"
},
{
"name" : "GLSA-200701-15",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200701-15.xml"
},
{
"name" : "GLSA-200702-08",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200702-08.xml"
},
{
"name" : "GLSA-200705-20",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200705-20.xml"
},
{
"name" : "RHSA-2007:0062",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0062.html"
},
{
"name" : "RHSA-2007:0072",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0072.html"
},
{
"name" : "RHSA-2007:0073",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0073.html"
},
{
"name" : "102732",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1"
},
{
"name" : "SUSE-SA:2007:003",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html"
},
{
"name" : "SUSE-SA:2007:010",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html"
},
{
"name" : "SUSE-SA:2007:045",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_45_java.html"
},
{
"name" : "21674",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21674"
},
{
"name" : "oval:org.mitre.oval:def:11087",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11087"
},
{
"name" : "ADV-2006-5075",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5075"
},
{
"name" : "1017427",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017427"
},
{
"name" : "23398",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23398"
},
{
"name" : "23650",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23650"
},
{
"name" : "23835",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23835"
},
{
"name" : "24099",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24099"
},
{
"name" : "24189",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24189"
},
{
"name" : "25404",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25404"
},
{
"name" : "26049",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26049"
},
{
"name" : "26119",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26119"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to \"access data in other applets,\" aka \"The first issue.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26049",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26049"
},
{
"name": "RHSA-2007:0062",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0062.html"
},
{
"name": "oval:org.mitre.oval:def:11087",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11087"
},
{
"name": "24099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24099"
},
{
"name": "25404",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25404"
},
{
"name": "1017427",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017427"
},
{
"name": "24189",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24189"
},
{
"name": "ADV-2006-5075",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5075"
},
{
"name": "SUSE-SA:2007:045",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_45_java.html"
},
{
"name": "SUSE-SA:2007:003",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html"
},
{
"name": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html"
},
{
"name": "SUSE-SA:2007:010",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html"
},
{
"name": "26119",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26119"
},
{
"name": "RHSA-2007:0072",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0072.html"
},
{
"name": "21674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21674"
},
{
"name": "23650",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23650"
},
{
"name": "23835",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23835"
},
{
"name": "RHSA-2007:0073",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0073.html"
},
{
"name": "GLSA-200705-20",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200705-20.xml"
},
{
"name": "GLSA-200702-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200702-08.xml"
},
{
"name": "23398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23398"
},
{
"name": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html"
},
{
"name": "102732",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1"
},
{
"name": "GLSA-200701-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200701-15.xml"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6989",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7135",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15510",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15510"
},
{
"name" : "phppc-functions-file-include(29393)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29393"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15510",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15510"
},
{
"name": "phppc-functions-file-include(29393)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29393"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2585",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls allow remote attackers to execute arbitrary code via a long (1) DestURL or (2) SourceFile property value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-2585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2010-119/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2010-119/"
},
{
"name" : "44302",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44302"
},
{
"name" : "68814",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/68814"
},
{
"name" : "41392",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41392"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls allow remote attackers to execute arbitrary code via a long (1) DestURL or (2) SourceFile property value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41392",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41392"
},
{
"name": "68814",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/68814"
},
{
"name": "44302",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44302"
},
{
"name": "http://secunia.com/secunia_research/2010-119/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-119/"
}
]
}
}
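Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com` in this file, and it looks like the only content change: the other replaced lines appear to differ only in the spacing before the colon, and the four `reference_data` entries are the same ones in a different order. A provenance change like this is easy to miss inside a whole-file rewrite, so the formatting pass would be better landed separately, or the reassigned records named in the commit message. The same applies to the CVE-2010-2746 section (`secure@microsoft.com`) and the CVE-2010-2812 section (`secalert@redhat.com`). Emitting `reference_data` in a stable order would also keep later synchronisation diffs limited to real changes.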


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2694",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14312",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14312"
},
{
"name" : "41533",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41533"
},
{
"name" : "40535",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40535"
},
{
"name" : "ADV-2010-1776",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1776"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40535"
},
{
"name": "ADV-2010-1776",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1776"
},
{
"name": "41533",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41533"
},
{
"name": "14312",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14312"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2746",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka \"Comctl32 Heap Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-2746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-081",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-081"
},
{
"name" : "TA10-285A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"name" : "oval:org.mitre.oval:def:7272",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7272"
},
{
"name" : "1024549",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024549"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka \"Comctl32 Heap Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024549",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024549"
},
{
"name": "oval:org.mitre.oval:def:7272",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7272"
},
{
"name": "TA10-285A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"name": "MS10-081",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-081"
}
]
}
}


@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2812",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of service (exception and daemon crash) via a PING command that lacks an argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100809 CVE Request - ZNC",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=128146352011964&w=2"
},
{
"name" : "[oss-security] 20100809 Re: CVE Request - ZNC",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=128146120727810&w=2"
},
{
"name" : "[oss-security] 20100810 Re: Re: CVE Request - ZNC",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=128152390219401&w=2"
},
{
"name" : "http://znc.svn.sourceforge.net/viewvc/znc/trunk/Client.cpp?r1=2093&r2=2092&pathrev=2093",
"refsource" : "CONFIRM",
"url" : "http://znc.svn.sourceforge.net/viewvc/znc/trunk/Client.cpp?r1=2093&r2=2092&pathrev=2093"
},
{
"name" : "http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093",
"refsource" : "CONFIRM",
"url" : "http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=622600",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=622600"
},
{
"name" : "FEDORA-2010-12468",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045386.html"
},
{
"name" : "FEDORA-2010-12481",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045385.html"
},
{
"name" : "42314",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42314"
},
{
"name" : "40919",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40919"
},
{
"name" : "40970",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40970"
},
{
"name" : "ADV-2010-2071",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2071"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of service (exception and daemon crash) via a PING command that lacks an argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2071",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2071"
},
{
"name": "40919",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40919"
},
{
"name": "FEDORA-2010-12481",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045385.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=622600",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622600"
},
{
"name": "42314",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42314"
},
{
"name": "[oss-security] 20100810 Re: Re: CVE Request - ZNC",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128152390219401&w=2"
},
{
"name": "http://znc.svn.sourceforge.net/viewvc/znc/trunk/Client.cpp?r1=2093&r2=2092&pathrev=2093",
"refsource": "CONFIRM",
"url": "http://znc.svn.sourceforge.net/viewvc/znc/trunk/Client.cpp?r1=2093&r2=2092&pathrev=2093"
},
{
"name": "[oss-security] 20100809 CVE Request - ZNC",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128146352011964&w=2"
},
{
"name": "[oss-security] 20100809 Re: CVE Request - ZNC",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128146120727810&w=2"
},
{
"name": "FEDORA-2010-12468",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045386.html"
},
{
"name": "40970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40970"
},
{
"name": "http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093",
"refsource": "CONFIRM",
"url": "http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093"
}
]
}
}


@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3493",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken => more subcases",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/09/6"
},
{
"name" : "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/11/2"
},
{
"name" : "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/22/3"
},
{
"name" : "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/24/3"
},
{
"name" : "http://bugs.python.org/issue6706",
"refsource" : "MISC",
"url" : "http://bugs.python.org/issue6706"
},
{
"name" : "https://bugs.launchpad.net/zodb/+bug/135108",
"refsource" : "MISC",
"url" : "https://bugs.launchpad.net/zodb/+bug/135108"
},
{
"name" : "http://bugs.python.org/issue9129",
"refsource" : "CONFIRM",
"url" : "http://bugs.python.org/issue9129"
},
{
"name" : "http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289&r2=84288&pathrev=84289",
"refsource" : "CONFIRM",
"url" : "http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289&r2=84288&pathrev=84289"
},
{
"name" : "http://svn.python.org/view?view=rev&revision=84289",
"refsource" : "CONFIRM",
"url" : "http://svn.python.org/view?view=rev&revision=84289"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=632200",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=632200"
},
{
"name" : "MDVSA-2010:216",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:216"
},
{
"name" : "MDVSA-2010:215",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215"
},
{
"name" : "SUSE-SR:2010:024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "USN-1596-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1596-1"
},
{
"name" : "USN-1613-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1613-2"
},
{
"name" : "USN-1613-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1613-1"
},
{
"name" : "44533",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44533"
},
{
"name" : "oval:org.mitre.oval:def:12210",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12210"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "50858",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50858"
},
{
"name" : "51024",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51024"
},
{
"name" : "51040",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51040"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289&r2=84288&pathrev=84289",
"refsource": "CONFIRM",
"url": "http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289&r2=84288&pathrev=84289"
},
{
"name": "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=632200",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=632200"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "https://bugs.launchpad.net/zodb/+bug/135108",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/zodb/+bug/135108"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "51040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51040"
},
{
"name": "oval:org.mitre.oval:def:12210",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12210"
},
{
"name": "50858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50858"
},
{
"name": "MDVSA-2010:216",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:216"
},
{
"name": "http://bugs.python.org/issue9129",
"refsource": "CONFIRM",
"url": "http://bugs.python.org/issue9129"
},
{
"name": "44533",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44533"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
},
{
"name": "USN-1596-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1596-1"
},
{
"name": "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
},
{
"name": "http://bugs.python.org/issue6706",
"refsource": "MISC",
"url": "http://bugs.python.org/issue6706"
},
{
"name": "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken => more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
},
{
"name": "USN-1613-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1613-2"
},
{
"name": "SUSE-SR:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "http://svn.python.org/view?view=rev&revision=84289",
"refsource": "CONFIRM",
"url": "http://svn.python.org/view?view=rev&revision=84289"
},
{
"name": "51024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51024"
},
{
"name": "USN-1613-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1613-1"
},
{
"name": "MDVSA-2010:215",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215"
}
]
}
}


@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3559",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-3559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-208/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-208/"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100114315",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100114315"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100123193",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100123193"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name" : "HPSBUX02608",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748"
},
{
"name" : "SSRT100333",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748"
},
{
"name" : "HPSBMU02799",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name" : "RHSA-2010:0770",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
},
{
"name" : "RHSA-2010:0807",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
},
{
"name" : "RHSA-2010:0873",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
},
{
"name" : "SUSE-SR:2010:019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name" : "44026",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44026"
},
{
"name" : "oval:org.mitre.oval:def:11880",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11880"
},
{
"name" : "oval:org.mitre.oval:def:12556",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12556"
},
{
"name" : "41967",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41967"
},
{
"name" : "42974",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42974"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-208/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-208/"
},
{
"name": "http://support.avaya.com/css/P8/documents/100114315",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100114315"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name": "RHSA-2010:0770",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
},
{
"name": "SSRT100333",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748"
},
{
"name": "oval:org.mitre.oval:def:11880",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11880"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
},
{
"name": "44026",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44026"
},
{
"name": "RHSA-2010:0873",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
},
{
"name": "oval:org.mitre.oval:def:12556",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12556"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "42974",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42974"
},
{
"name": "HPSBUX02608",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748"
},
{
"name": "http://support.avaya.com/css/P8/documents/100123193",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100123193"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "41967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41967"
},
{
"name": "RHSA-2010:0807",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
}
]
}
}
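Review bot: The `ASSIGNER` value in this record appears to change from `cve@mitre.org` to `secalert_us@oracle.com` (the `+`/`-` markers are lost on this page, so the direction is inferred from print order), and it is the only semantic change visible among a whole-file respacing and a reshuffle of `reference_data`. Anyone relying on these records for CNA attribution or provenance cannot pick that change out of a textual diff of this size. The same pattern appears in the CVE-2011-1875 section (`secure@microsoft.com`) and the CVE-2011-1952 section (`secalert@redhat.com`). The sync would be easier to audit if key spacing and array order were kept stable so that the changed line is just `"ASSIGNER": "secalert_us@oracle.com",`; failing that, downstream checks should compare parsed JSON rather than text.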


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0081",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=645289",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=645289"
},
{
"name" : "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird",
"refsource" : "CONFIRM",
"url" : "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird"
},
{
"name" : "http://downloads.avaya.com/css/P8/documents/100144158",
"refsource" : "CONFIRM",
"url" : "http://downloads.avaya.com/css/P8/documents/100144158"
},
{
"name" : "DSA-2227",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2227"
},
{
"name" : "DSA-2228",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2228"
},
{
"name" : "DSA-2235",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2235"
},
{
"name" : "MDVSA-2011:080",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080"
},
{
"name" : "MDVSA-2011:079",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079"
},
{
"name" : "47653",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47653"
},
{
"name" : "oval:org.mitre.oval:def:13993",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13993"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47653",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47653"
},
{
"name": "DSA-2228",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2228"
},
{
"name": "MDVSA-2011:079",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079"
},
{
"name": "oval:org.mitre.oval:def:13993",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13993"
},
{
"name": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird",
"refsource": "CONFIRM",
"url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird"
},
{
"name": "DSA-2235",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2235"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=645289",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=645289"
},
{
"name": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html"
},
{
"name": "MDVSA-2011:080",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080"
},
{
"name": "DSA-2227",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2227"
},
{
"name": "http://downloads.avaya.com/css/P8/documents/100144158",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100144158"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0356",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0356",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0460",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=663898",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=663898"
},
{
"name" : "openSUSE-SU-2011:0357",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2011-04/msg00053.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2011:0357",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00053.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=663898",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=663898"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1875",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka \"Win32k Use After Free Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/css/P8/documents/100144947",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100144947"
},
{
"name" : "MS11-054",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054"
},
{
"name" : "TA11-193A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-193A.html"
},
{
"name" : "48589",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48589"
},
{
"name" : "73785",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/73785"
},
{
"name" : "oval:org.mitre.oval:def:12704",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12704"
},
{
"name" : "1025761",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025761"
},
{
"name" : "45186",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45186"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka \"Win32k Use After Free Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "73785",
"refsource": "OSVDB",
"url": "http://osvdb.org/73785"
},
{
"name": "oval:org.mitre.oval:def:12704",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12704"
},
{
"name": "MS11-054",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054"
},
{
"name": "48589",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48589"
},
{
"name": "http://support.avaya.com/css/P8/documents/100144947",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100144947"
},
{
"name": "TA11-193A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html"
},
{
"name": "45186",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45186"
},
{
"name": "1025761",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025761"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1952",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service (infinite loop) via malformed HTML markup, as demonstrated by an a< sequence."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110601 Post Revolution 0.8.0c Multiple Remote Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/518205/100/0/threaded"
},
{
"name" : "http://javierb.com.ar/2011/06/01/postrev-vunls/",
"refsource" : "MISC",
"url" : "http://javierb.com.ar/2011/06/01/postrev-vunls/"
},
{
"name" : "http://postrev.com.ar/verpost.php?id_noticia=59",
"refsource" : "CONFIRM",
"url" : "http://postrev.com.ar/verpost.php?id_noticia=59"
},
{
"name" : "47967",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47967"
},
{
"name" : "8270",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8270"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service (infinite loop) via malformed HTML markup, as demonstrated by an a< sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110601 Post Revolution 0.8.0c Multiple Remote Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518205/100/0/threaded"
},
{
"name": "47967",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47967"
},
{
"name": "http://javierb.com.ar/2011/06/01/postrev-vunls/",
"refsource": "MISC",
"url": "http://javierb.com.ar/2011/06/01/postrev-vunls/"
},
{
"name": "8270",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8270"
},
{
"name": "http://postrev.com.ar/verpost.php?id_noticia=59",
"refsource": "CONFIRM",
"url": "http://postrev.com.ar/verpost.php?id_noticia=59"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4260",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://service.real.com/realplayer/security/11182011_player/en/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/realplayer/security/11182011_player/en/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.real.com/realplayer/security/11182011_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/11182011_player/en/"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2093",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Catfish through 0.4.0.3 allows local users to gain privileges via a Trojan horse catfish.py in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140225 Re: CVE request for catfish program",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/02/25/4"
},
{
"name" : "[oss-security] 20140225 Re: CVE request for catfish program",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/02/25/2"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1069396",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1069396"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Catfish through 0.4.0.3 allows local users to gain privileges via a Trojan horse catfish.py in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1069396",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069396"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958"
},
{
"name": "[oss-security] 20140225 Re: CVE request for catfish program",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/02/25/2"
},
{
"name": "[oss-security] 20140225 Re: CVE request for catfish program",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/02/25/4"
}
]
}
}
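Review bot: The `reference_data` array in this section is reordered with no visible sort key: the entries in the old spacing style run MLIST (`.../02/25/4`), MLIST (`.../02/25/2`), CONFIRM, CONFIRM, while the entries in the new style run CONFIRM, CONFIRM, MLIST (`.../02/25/2`), MLIST (`.../02/25/4`), assuming the `": "` lines are the new side. Mixed with the whitespace change, this makes it hard to confirm that no reference was added or dropped, which is the part of a CVE record that most needs review. Emitting the array in a stable order, for example sorted by `(refsource, url)`, would keep later synchronization diffs limited to real changes; `name` alone is not a usable key because both MLIST entries share one name. The same shuffling shows in the sections for CVE-2014-3054, CVE-2014-3545, CVE-2014-6210, CVE-2014-6914, CVE-2014-7117, CVE-2014-7250, CVE-2014-7288, CVE-2014-7345 and CVE-2014-8664.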


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3054",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677032",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"name" : "PI18909",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
},
{
"name" : "60499",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60499"
},
{
"name" : "ibm-wsputl-cve20143054-redirect(93528)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93528"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60499"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"name": "ibm-wsputl-cve20143054-redirect(93528)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93528"
},
{
"name": "PI18909",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
}
]
}
}
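Review bot: The `affects` block on the new side still carries `"vendor_name": "n/a"` and `"product_name": "n/a"`, even though this section's `ASSIGNER` now reads `psirt@us.ibm.com` and the description names IBM WebSphere Portal 7.x and 8.x. Tools that match on the structured fields rather than the free-text description will not associate this record with the product; populating them from the description, for example `"vendor_name": "IBM"` and `"product_name": "WebSphere Portal"`, would close that gap. The `ASSIGNER` change from `cve@mitre.org` is the only substantive edit in this section and is easy to miss among the spacing and ordering changes, so it would be worth naming in the commit description. The sections for CVE-2014-3545, CVE-2014-6210, CVE-2014-6914, CVE-2014-7117, CVE-2014-7250, CVE-2014-7288 and CVE-2014-7345 change `ASSIGNER` in the same way while leaving `affects` at `n/a`.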


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3545",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140721 Moodle security notifications public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/07/21/1"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=264266",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=264266"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://moodle.org/mod/forum/discuss.php?d=264266",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=264266"
},
{
"name": "[oss-security] 20140721 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/07/21/1"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6210",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21690891",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21690891"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693197",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693197"
},
{
"name" : "IC96934",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96934"
},
{
"name" : "IT04138",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04138"
},
{
"name" : "IT05651",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05651"
},
{
"name" : "IT05652",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05652"
},
{
"name" : "71730",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71730"
},
{
"name" : "1034572",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034572"
},
{
"name" : "62092",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62092"
},
{
"name" : "ibm-db2-cve20146210-dos(98685)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98685"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IT05652",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05652"
},
{
"name": "62092",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62092"
},
{
"name": "IT05651",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05651"
},
{
"name": "71730",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71730"
},
{
"name": "1034572",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034572"
},
{
"name": "IT04138",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04138"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21690891",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690891"
},
{
"name": "IC96934",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96934"
},
{
"name": "ibm-db2-cve20146210-dos(98685)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98685"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6274",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6274",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6391",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6391",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6914",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Houcine El Jasmi (aka com.devkhr31.houcineeljasmi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#182185",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/182185"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Houcine El Jasmi (aka com.devkhr31.houcineeljasmi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#182185",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/182185"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7117",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Forest Area FCU Mobile (aka com.metova.cuae.fafcu) application 1.0.29 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#932473",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/932473"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Forest Area FCU Mobile (aka com.metova.cuae.fafcu) application 1.0.29 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#932473",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/932473"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7218",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7218",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7250",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-7250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243",
"refsource" : "MISC",
"url" : "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243"
},
{
"name" : "JVN#07930208",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN07930208/index.html"
},
{
"name" : "JVNDB-2014-000134",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000134"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#07930208",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN07930208/index.html"
},
{
"name": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243",
"refsource": "MISC",
"url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243"
},
{
"name": "JVNDB-2014-000134",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000134"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7288",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-7288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "35949",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35949"
},
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150129_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150129_00"
},
{
"name" : "72308",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72308"
},
{
"name" : "117766",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/117766"
},
{
"name" : "1031673",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031673"
},
{
"name" : "symantec-cve20147288-command-exec(100763)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031673",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031673"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150129_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150129_00"
},
{
"name": "35949",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35949"
},
{
"name": "symantec-cve20147288-command-exec(100763)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100763"
},
{
"name": "117766",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/117766"
},
{
"name": "72308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72308"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7345",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DIYChatroom (aka com.tapatalk.diychatroomcom) application 3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#791233",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/791233"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DIYChatroom (aka com.tapatalk.diychatroomcom) application 3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#791233",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/791233"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8664",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/",
"refsource" : "MISC",
"url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
},
{
"name" : "http://service.sap.com/sap/support/notes/0001810405",
"refsource" : "MISC",
"url" : "http://service.sap.com/sap/support/notes/0001810405"
},
{
"name" : "71025",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71025"
},
{
"name" : "sap-ehsm-cve20148664-sql-injection(98611)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98611"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sap-ehsm-cve20148664-sql-injection(98611)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98611"
},
{
"name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/",
"refsource": "MISC",
"url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
},
{
"name": "http://service.sap.com/sap/support/notes/0001810405",
"refsource": "MISC",
"url": "http://service.sap.com/sap/support/notes/0001810405"
},
{
"name": "71025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71025"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8675",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37604",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37604/"
},
{
"name" : "20150708 SOPlanning - Simple Online Planning Tool multiple vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jul/44"
},
{
"name" : "http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html"
},
{
"name" : "75726",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75726"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75726"
},
{
"name": "http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html"
},
{
"name": "37604",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37604/"
},
{
"name": "20150708 SOPlanning - Simple Online Planning Tool multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jul/44"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-2151",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "user/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 grants excessive authorization on the basis of the moodle/course:viewhiddenuserfields capability, which allows remote authenticated users to discover student e-mail addresses by leveraging the teacher role and reading a Participants list."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160321 moodle security release",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/03/21/1"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52433",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52433"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=330173",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=330173"
},
{
"name" : "1035333",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035333"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "user/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 grants excessive authorization on the basis of the moodle/course:viewhiddenuserfields capability, which allows remote authenticated users to discover student e-mail addresses by leveraging the teacher role and reading a Participants list."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160321 moodle security release",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/21/1"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52433",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52433"
},
{
"name": "1035333",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035333"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=330173",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=330173"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2758",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2758",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2886",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2886",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,138 +1,138 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-2939",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Domino",
"version" : {
"version_data" : [
{
"version_value" : "8.5.3.5"
},
{
"version_value" : "8.5.3.6"
},
{
"version_value" : "9.0.1"
},
{
"version_value" : "8.5"
},
{
"version_value" : "9.0"
},
{
"version_value" : "8.5.1"
},
{
"version_value" : "8.5.2"
},
{
"version_value" : "8.5.3"
},
{
"version_value" : "9.0.1.1"
},
{
"version_value" : "8.0.2"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.0.1"
},
{
"version_value" : "8.5.1.5"
},
{
"version_value" : "8.5.2.4"
},
{
"version_value" : "9.0.1.2"
},
{
"version_value" : "8.5.0.1"
},
{
"version_value" : "9.0.1.3"
},
{
"version_value" : "8.5.1.4"
},
{
"version_value" : "9.0.1.4"
},
{
"version_value" : "9.0.1.5"
},
{
"version_value" : "8.5.1.1"
},
{
"version_value" : "9.0.1.6"
},
{
"version_value" : "9.0.1.7"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Domino",
"version": {
"version_data": [
{
"version_value": "8.5.3.5"
},
{
"version_value": "8.5.3.6"
},
{
"version_value": "9.0.1"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
},
{
"version_value": "8.5.1"
},
{
"version_value": "8.5.2"
},
{
"version_value": "8.5.3"
},
{
"version_value": "9.0.1.1"
},
{
"version_value": "8.0.2"
},
{
"version_value": "8.0"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.5.1.5"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0.1.2"
},
{
"version_value": "8.5.0.1"
},
{
"version_value": "9.0.1.3"
},
{
"version_value": "8.5.1.4"
},
{
"version_value": "9.0.1.4"
},
{
"version_value": "9.0.1.5"
},
{
"version_value": "8.5.1.1"
},
{
"version_value": "9.0.1.6"
},
{
"version_value": "9.0.1.7"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21992835",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21992835"
},
{
"name" : "94605",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94605"
},
{
"name" : "1037383",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037383"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94605",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94605"
},
{
"name": "1037383",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037383"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21992835",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18149",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18149",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18347",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32",
"refsource" : "MISC",
"url" : "https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32"
},
{
"name" : "https://www.aisec.fraunhofer.de/en/FirmwareProtection.html",
"refsource" : "MISC",
"url" : "https://www.aisec.fraunhofer.de/en/FirmwareProtection.html"
},
{
"name" : "https://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier",
"refsource" : "MISC",
"url" : "https://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32",
"refsource": "MISC",
"url": "https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32"
},
{
"name": "https://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier",
"refsource": "MISC",
"url": "https://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier"
},
{
"name": "https://www.aisec.fraunhofer.de/en/FirmwareProtection.html",
"refsource": "MISC",
"url": "https://www.aisec.fraunhofer.de/en/FirmwareProtection.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1388",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1388",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-08-28T00:00:00",
"ID" : "CVE-2017-1440",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Emptoris Services Procurement",
"version" : {
"version_data" : [
{
"version_value" : "10.0.0.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 128105."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-28T00:00:00",
"ID": "CVE-2017-1440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Services Procurement",
"version": {
"version_data": [
{
"version_value": "10.0.0.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128105",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128105"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg22005550",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg22005550"
},
{
"name" : "99542",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99542"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 128105."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128105",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128105"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005550",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005550"
},
{
"name": "99542",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99542"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1528",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1528",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1967",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1967",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5221",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5221",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,94 +1,94 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5409",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "45.8"
}
]
}
},
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 45.8 and Firefox < 52."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "45.8"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1321814",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1321814"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-06/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-06/"
},
{
"name" : "96696",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96696"
},
{
"name" : "1037966",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037966"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 45.8 and Firefox < 52."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96696",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96696"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-05/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-05/"
},
{
"name": "1037966",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037966"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-06/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321814",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321814"
}
]
}
}


@ -1,139 +1,139 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5469",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.1"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "45.9"
},
{
"version_affected" : "<",
"version_value" : "52.1"
}
]
}
},
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "53"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Potential Buffer overflow in flex-generated code"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5469",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52.1"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "45.9"
},
{
"version_affected": "<",
"version_value": "52.1"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "53"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1292534",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1292534"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-11/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-11/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-12/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-12/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-13/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-13/"
},
{
"name" : "DSA-3831",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3831"
},
{
"name" : "RHSA-2017:1104",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1104"
},
{
"name" : "RHSA-2017:1106",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1106"
},
{
"name" : "RHSA-2017:1201",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1201"
},
{
"name" : "97940",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97940"
},
{
"name" : "1038320",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038320"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Potential Buffer overflow in flex-generated code"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1106",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1106"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-12/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-12/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-11/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-11/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1292534",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1292534"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-10/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-10/"
},
{
"name": "97940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97940"
},
{
"name": "DSA-3831",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3831"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-13/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-13/"
},
{
"name": "1038320",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038320"
},
{
"name": "RHSA-2017:1104",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1104"
},
{
"name": "RHSA-2017:1201",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5570",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile()."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://gist.github.com/malerisch/898c7ae46abde5da15748beb1e6e886f",
"refsource" : "MISC",
"url" : "https://gist.github.com/malerisch/898c7ae46abde5da15748beb1e6e886f"
},
{
"name" : "95742",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95742"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/malerisch/898c7ae46abde5da15748beb1e6e886f",
"refsource": "MISC",
"url": "https://gist.github.com/malerisch/898c7ae46abde5da15748beb1e6e886f"
},
{
"name": "95742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95742"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"ID" : "CVE-2017-5646",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Knox",
"version" : {
"version_data" : [
{
"version_value" : "0.2.0 to 0.11.0"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be easily associated with the authenticated user, this is still a serious security issue. All users are recommended to upgrade to the Apache Knox 0.12.0 release."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Escalated Privileges and Data Access"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-5646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Knox",
"version": {
"version_data": [
{
"version_value": "0.2.0 to 0.11.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[knox-user] 20170526 [ANNOUNCE] CVE-2017-5646: Apache Knox Impersonation Issue for WebHDFS",
"refsource" : "MLIST",
"url" : "http://mail-archives.apache.org/mod_mbox/knox-user/201705.mbox/%3CCACRbFyjtT7QQGHUzTRdbJoySbJb7tt4BDk5-r-VRn0GB0Kgvag%40mail.gmail.com%3E"
},
{
"name" : "98739",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98739"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be easily associated with the authenticated user, this is still a serious security issue. All users are recommended to upgrade to the Apache Knox 0.12.0 release."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalated Privileges and Data Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[knox-user] 20170526 [ANNOUNCE] CVE-2017-5646: Apache Knox Impersonation Issue for WebHDFS",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/knox-user/201705.mbox/%3CCACRbFyjtT7QQGHUzTRdbJoySbJb7tt4BDk5-r-VRn0GB0Kgvag%40mail.gmail.com%3E"
},
{
"name": "98739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98739"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5749",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5749",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}