admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:29:56 +00:00
parent 1c928c7afa
commit 07a1c2a810
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
48 changed files with 3891 additions and 3891 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2006/2xxx/CVE-2006-2070.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2070",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060426 DevBB <= 1.0.0 XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/432096/100/0/threaded"
},
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/DevBB-1.0.0-xss.txt",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/DevBB-1.0.0-xss.txt"
},
{
"name" : "17703",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17703"
},
{
"name" : "ADV-2006-1544",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1544"
},
{
"name" : "24994",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24994"
},
{
"name" : "19855",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19855"
},
{
"name" : "800",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/800"
},
{
"name" : "devbb-member-xss(26091)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26091"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17703"
},
{
"name": "800",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/800"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/DevBB-1.0.0-xss.txt",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/DevBB-1.0.0-xss.txt"
},
{
"name": "24994",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24994"
},
{
"name": "20060426 DevBB <= 1.0.0 XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432096/100/0/threaded"
},
{
"name": "19855",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19855"
},
{
"name": "ADV-2006-1544",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1544"
},
{
"name": "devbb-member-xss(26091)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26091"
}
]
}
}

170
2006/3xxx/CVE-2006-3111.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3111",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 allow remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by (1) anfang, (2) name, (3) mail, (4) anrede, (5) vorname, (6) nachname, (7) gebtag, (8) gebmonat, and (9) gebjahr."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060613 Chipmailer <= 1.09 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=115024576618386&w=2"
},
{
"name" : "18463",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18463"
},
{
"name" : "ADV-2006-2359",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2359"
},
{
"name" : "1016315",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016315"
},
{
"name" : "20643",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20643"
},
{
"name" : "chipmailer-main-index-sql-injection(27158)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27158"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 allow remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by (1) anfang, (2) name, (3) mail, (4) anrede, (5) vorname, (6) nachname, (7) gebtag, (8) gebmonat, and (9) gebjahr."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20643"
},
{
"name": "chipmailer-main-index-sql-injection(27158)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27158"
},
{
"name": "ADV-2006-2359",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2359"
},
{
"name": "18463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18463"
},
{
"name": "20060613 Chipmailer <= 1.09 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=115024576618386&w=2"
},
{
"name": "1016315",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016315"
}
]
}
}

200
2006/3xxx/CVE-2006-3268.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3268",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain \"random programmatic access\" to other email within the same post office."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060629 Novell Security Announcement NOVELL-SA:2006:001",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438725/100/0/threaded"
},
{
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?2974027.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?2974027.htm"
},
{
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974006.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974006.htm"
},
{
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973921.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973921.htm"
},
{
"name" : "18716",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18716"
},
{
"name" : "ADV-2006-2594",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2594"
},
{
"name" : "1016404",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016404"
},
{
"name" : "20888",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20888"
},
{
"name" : "groupwise-windows-client-api-security-bypass(27550)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27550"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain \"random programmatic access\" to other email within the same post office."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060629 Novell Security Announcement NOVELL-SA:2006:001",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438725/100/0/threaded"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974006.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974006.htm"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?2974027.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?2974027.htm"
},
{
"name": "groupwise-windows-client-api-security-bypass(27550)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27550"
},
{
"name": "1016404",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016404"
},
{
"name": "ADV-2006-2594",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2594"
},
{
"name": "18716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18716"
},
{
"name": "20888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20888"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973921.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973921.htm"
}
]
}
}

200
2006/3xxx/CVE-2006-3276.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the \"parsing of HTTP URL schemes\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060622 [MU-200606-01] Real Helix RTSP Server Heap Corruption Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0600.html"
},
{
"name" : "http://labs.musecurity.com/advisories/MU-200606-01.txt",
"refsource" : "MISC",
"url" : "http://labs.musecurity.com/advisories/MU-200606-01.txt"
},
{
"name" : "18606",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18606"
},
{
"name" : "ADV-2006-2521",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2521"
},
{
"name" : "26799",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26799"
},
{
"name" : "1016365",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016365"
},
{
"name" : "20784",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20784"
},
{
"name" : "helix-dna-rtsp-bo(27316)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27316"
},
{
"name" : "helix-dna-url-bo(27317)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27317"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the \"parsing of HTTP URL schemes\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "helix-dna-rtsp-bo(27316)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27316"
},
{
"name": "18606",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18606"
},
{
"name": "1016365",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016365"
},
{
"name": "ADV-2006-2521",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2521"
},
{
"name": "20060622 [MU-200606-01] Real Helix RTSP Server Heap Corruption Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0600.html"
},
{
"name": "helix-dna-url-bo(27317)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27317"
},
{
"name": "26799",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26799"
},
{
"name": "20784",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20784"
},
{
"name": "http://labs.musecurity.com/advisories/MU-200606-01.txt",
"refsource": "MISC",
"url": "http://labs.musecurity.com/advisories/MU-200606-01.txt"
}
]
}
}

240
2006/3xxx/CVE-2006-3864.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3864",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an \"array boundary condition\" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3864",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061011 Microsoft Office Malformed Record Memory Corruption Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448268/100/0/threaded"
},
{
"name" : "http://secway.org/advisory/AD20061010.txt",
"refsource" : "MISC",
"url" : "http://secway.org/advisory/AD20061010.txt"
},
{
"name" : "HPSBST02161",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name" : "SSRT061264",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name" : "MS06-062",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
},
{
"name" : "922581",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/kb/922581"
},
{
"name" : "VU#176556",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/176556"
},
{
"name" : "20384",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20384"
},
{
"name" : "ADV-2006-3981",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3981"
},
{
"name" : "29429",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29429"
},
{
"name" : "oval:org.mitre.oval:def:632",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A632"
},
{
"name" : "1017034",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017034"
},
{
"name" : "22339",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22339"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an \"array boundary condition\" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:632",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A632"
},
{
"name": "SSRT061264",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "ADV-2006-3981",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3981"
},
{
"name": "29429",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29429"
},
{
"name": "VU#176556",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/176556"
},
{
"name": "http://secway.org/advisory/AD20061010.txt",
"refsource": "MISC",
"url": "http://secway.org/advisory/AD20061010.txt"
},
{
"name": "20384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20384"
},
{
"name": "MS06-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
},
{
"name": "1017034",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017034"
},
{
"name": "HPSBST02161",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "20061011 Microsoft Office Malformed Record Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448268/100/0/threaded"
},
{
"name": "22339",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22339"
},
{
"name": "922581",
"refsource": "MSKB",
"url": "http://support.microsoft.com/kb/922581"
}
]
}
}

230
2006/3xxx/CVE-2006-3913.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3913",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060723 Two crash vulnerabilities in Freeciv 2.1.0-beta1 (SVN 15 Jul 2006)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441042/100/0/threaded"
},
{
"name" : "http://aluigi.altervista.org/adv/freecivx-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/freecivx-adv.txt"
},
{
"name" : "DSA-1142",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1142"
},
{
"name" : "MDKSA-2006:135",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:135"
},
{
"name" : "19117",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19117"
},
{
"name" : "ADV-2006-2942",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2942"
},
{
"name" : "21171",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21171"
},
{
"name" : "21254",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21254"
},
{
"name" : "21352",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21352"
},
{
"name" : "1296",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1296"
},
{
"name" : "freeciv-packetsc-dos(27955)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27955"
},
{
"name" : "freeciv-unithand-dos(27956)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27956"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2942",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2942"
},
{
"name": "http://aluigi.altervista.org/adv/freecivx-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/freecivx-adv.txt"
},
{
"name": "21254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21254"
},
{
"name": "freeciv-packetsc-dos(27955)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27955"
},
{
"name": "21352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21352"
},
{
"name": "20060723 Two crash vulnerabilities in Freeciv 2.1.0-beta1 (SVN 15 Jul 2006)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441042/100/0/threaded"
},
{
"name": "freeciv-unithand-dos(27956)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27956"
},
{
"name": "19117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19117"
},
{
"name": "DSA-1142",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1142"
},
{
"name": "MDKSA-2006:135",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:135"
},
{
"name": "1296",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1296"
},
{
"name": "21171",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21171"
}
]
}
}

180
2006/4xxx/CVE-2006-4137.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4137",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) \"script generated syntax on wsadmin command line,\" and (3) traces."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951"
},
{
"name" : "PK27547",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=PK27547&apar=only"
},
{
"name" : "PK27857",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=PK27857&apar=only"
},
{
"name" : "PK28408",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=PK28408&apar=only"
},
{
"name" : "19463",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19463"
},
{
"name" : "ADV-2006-3262",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3262"
},
{
"name" : "21440",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21440"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) \"script generated syntax on wsadmin command line,\" and (3) traces."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PK28408",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK28408&apar=only"
},
{
"name": "ADV-2006-3262",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3262"
},
{
"name": "PK27547",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK27547&apar=only"
},
{
"name": "PK27857",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK27857&apar=only"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951"
},
{
"name": "19463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19463"
},
{
"name": "21440",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21440"
}
]
}
}

190
2006/4xxx/CVE-2006-4353.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4353",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Sun Java System Content Delivery Server 4.0, 4.1, and 5.0 allows local and remote attackers to read data from arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
},
{
"name" : "102593",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102593-1"
},
{
"name" : "19705",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19705"
},
{
"name" : "ADV-2006-3390",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3390"
},
{
"name" : "28227",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28227"
},
{
"name" : "1016751",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016751"
},
{
"name" : "21628",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21628"
},
{
"name" : "sun-java-cds-information-disclosure(28570)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28570"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Sun Java System Content Delivery Server 4.0, 4.1, and 5.0 allows local and remote attackers to read data from arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19705"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
},
{
"name": "1016751",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016751"
},
{
"name": "sun-java-cds-information-disclosure(28570)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28570"
},
{
"name": "28227",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28227"
},
{
"name": "102593",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102593-1"
},
{
"name": "ADV-2006-3390",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3390"
},
{
"name": "21628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21628"
}
]
}
}

410
2006/4xxx/CVE-2006-4790.json
View File

@ -1,207 +1,207 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4790",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-4790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[gnutls-dev] 20060908 Variant of Bleichenbacher's crypto 06 rump session attack",
"refsource" : "MLIST",
"url" : "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html"
},
{
"name" : "[gnutls-dev] 20060912 Re: Variant of Bleichenbacher's crypto 06 rump session attack",
"refsource" : "MLIST",
"url" : "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html"
},
{
"name" : "http://www.gnu.org/software/gnutls/security.html",
"refsource" : "CONFIRM",
"url" : "http://www.gnu.org/software/gnutls/security.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm"
},
{
"name" : "DSA-1182",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1182"
},
{
"name" : "GLSA-200609-15",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200609-15.xml"
},
{
"name" : "MDKSA-2006:166",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:166"
},
{
"name" : "RHSA-2006:0680",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0680.html"
},
{
"name" : "102648",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
},
{
"name" : "102970",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1"
},
{
"name" : "SUSE-SR:2006:023",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_23_sr.html"
},
{
"name" : "SUSE-SA:2007:010",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html"
},
{
"name" : "USN-348-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-348-1"
},
{
"name" : "20027",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20027"
},
{
"name" : "oval:org.mitre.oval:def:9937",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937"
},
{
"name" : "ADV-2006-3635",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3635"
},
{
"name" : "ADV-2006-3899",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3899"
},
{
"name" : "ADV-2007-2289",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2289"
},
{
"name" : "1016844",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016844"
},
{
"name" : "21942",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21942"
},
{
"name" : "21937",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21937"
},
{
"name" : "21973",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21973"
},
{
"name" : "22049",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22049"
},
{
"name" : "22084",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22084"
},
{
"name" : "22097",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22097"
},
{
"name" : "22226",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22226"
},
{
"name" : "22080",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22080"
},
{
"name" : "22992",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22992"
},
{
"name" : "25762",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25762"
},
{
"name" : "gnutls-rsakey-security-bypass(28953)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28953"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25762",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25762"
},
{
"name": "22992",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22992"
},
{
"name": "21937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21937"
},
{
"name": "22049",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22049"
},
{
"name": "1016844",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016844"
},
{
"name": "ADV-2006-3899",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3899"
},
{
"name": "20027",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20027"
},
{
"name": "SUSE-SR:2006:023",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html"
},
{
"name": "MDKSA-2006:166",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:166"
},
{
"name": "RHSA-2006:0680",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0680.html"
},
{
"name": "http://www.gnu.org/software/gnutls/security.html",
"refsource": "CONFIRM",
"url": "http://www.gnu.org/software/gnutls/security.html"
},
{
"name": "oval:org.mitre.oval:def:9937",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937"
},
{
"name": "102970",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1"
},
{
"name": "ADV-2006-3635",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3635"
},
{
"name": "21942",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21942"
},
{
"name": "[gnutls-dev] 20060908 Variant of Bleichenbacher's crypto 06 rump session attack",
"refsource": "MLIST",
"url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html"
},
{
"name": "22080",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22080"
},
{
"name": "GLSA-200609-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200609-15.xml"
},
{
"name": "SUSE-SA:2007:010",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html"
},
{
"name": "DSA-1182",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1182"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm"
},
{
"name": "gnutls-rsakey-security-bypass(28953)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28953"
},
{
"name": "102648",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
},
{
"name": "21973",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21973"
},
{
"name": "22226",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22226"
},
{
"name": "22084",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22084"
},
{
"name": "[gnutls-dev] 20060912 Re: Variant of Bleichenbacher's crypto 06 rump session attack",
"refsource": "MLIST",
"url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html"
},
{
"name": "USN-348-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-348-1"
},
{
"name": "ADV-2007-2289",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2289"
},
{
"name": "22097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22097"
}
]
}
}

150
2006/6xxx/CVE-2006-6117.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6117",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the which parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2829",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2829"
},
{
"name" : "21254",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21254"
},
{
"name" : "ADV-2006-4683",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4683"
},
{
"name" : "23056",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23056"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the which parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4683",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4683"
},
{
"name": "2829",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2829"
},
{
"name": "21254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21254"
},
{
"name": "23056",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23056"
}
]
}
}

180
2006/6xxx/CVE-2006-6354.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6354",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061202 [Aria-Security Team] DuWare DuNews SQL Injection Vuln",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/453317/100/0/threaded"
},
{
"name" : "http://www.aria-security.com/forum/showthread.php?t=61",
"refsource" : "MISC",
"url" : "http://www.aria-security.com/forum/showthread.php?t=61"
},
{
"name" : "15681",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15681"
},
{
"name" : "ADV-2006-4834",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4834"
},
{
"name" : "23228",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23228"
},
{
"name" : "1996",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1996"
},
{
"name" : "dunews-type-detail-sql-injection(30673)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30673"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23228",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23228"
},
{
"name": "http://www.aria-security.com/forum/showthread.php?t=61",
"refsource": "MISC",
"url": "http://www.aria-security.com/forum/showthread.php?t=61"
},
{
"name": "15681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15681"
},
{
"name": "ADV-2006-4834",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4834"
},
{
"name": "20061202 [Aria-Security Team] DuWare DuNews SQL Injection Vuln",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453317/100/0/threaded"
},
{
"name": "dunews-type-detail-sql-injection(30673)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30673"
},
{
"name": "1996",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1996"
}
]
}
}

160
2006/7xxx/CVE-2006-7110.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7110",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via \"..\" sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/87101",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/87101"
},
{
"name" : "20312",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20312"
},
{
"name" : "ADV-2006-3892",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3892"
},
{
"name" : "22261",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22261"
},
{
"name" : "imce-delete-file-deletion(29324)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29324"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via \"..\" sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "imce-delete-file-deletion(29324)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29324"
},
{
"name": "20312",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20312"
},
{
"name": "http://drupal.org/node/87101",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/87101"
},
{
"name": "ADV-2006-3892",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3892"
},
{
"name": "22261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22261"
}
]
}
}

170
2010/2xxx/CVE-2010-2308.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2308",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the filter driver (savonaccessfilter.sys) in Sophos Anti-Virus before 7.6.20 allows local users to gain privileges via crafted arguments to the NtQueryAttributesFile function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100609 TPTI-10-03: Sophos Anti-Virus SAVOnAccessFilter Local Privilege Escalation Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511773/100/0/threaded"
},
{
"name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-10-03",
"refsource" : "MISC",
"url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-10-03"
},
{
"name" : "http://www.sophos.com/support/knowledgebase/article/111126.html",
"refsource" : "CONFIRM",
"url" : "http://www.sophos.com/support/knowledgebase/article/111126.html"
},
{
"name" : "1024089",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024089"
},
{
"name" : "40085",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40085"
},
{
"name" : "ADV-2010-1412",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1412"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the filter driver (savonaccessfilter.sys) in Sophos Anti-Virus before 7.6.20 allows local users to gain privileges via crafted arguments to the NtQueryAttributesFile function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40085",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40085"
},
{
"name": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-03",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-03"
},
{
"name": "http://www.sophos.com/support/knowledgebase/article/111126.html",
"refsource": "CONFIRM",
"url": "http://www.sophos.com/support/knowledgebase/article/111126.html"
},
{
"name": "20100609 TPTI-10-03: Sophos Anti-Virus SAVOnAccessFilter Local Privilege Escalation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511773/100/0/threaded"
},
{
"name": "1024089",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024089"
},
{
"name": "ADV-2010-1412",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1412"
}
]
}
}

150
2010/2xxx/CVE-2010-2493.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2493",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of the deployment descriptor (aka web.xml) in picketlink-sts.war in (1) the security_saml quickstart, (2) the webservice_proxy_security quickstart, (3) the web-console application, (4) the http-invoker application, (5) the gpd-deployer application, (6) the jbpm-console application, (7) the contract application, and (8) the uddi-console application in JBoss Enterprise SOA Platform before 5.0.2 contains GET and POST http-method elements, which allows remote attackers to bypass intended access restrictions via a crafted HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Notes/index.html",
"refsource" : "CONFIRM",
"url" : "http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Notes/index.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=614774",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=614774"
},
{
"name" : "https://jira.jboss.org/browse/SOA-2105",
"refsource" : "CONFIRM",
"url" : "https://jira.jboss.org/browse/SOA-2105"
},
{
"name" : "40681",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40681"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of the deployment descriptor (aka web.xml) in picketlink-sts.war in (1) the security_saml quickstart, (2) the webservice_proxy_security quickstart, (3) the web-console application, (4) the http-invoker application, (5) the gpd-deployer application, (6) the jbpm-console application, (7) the contract application, and (8) the uddi-console application in JBoss Enterprise SOA Platform before 5.0.2 contains GET and POST http-method elements, which allows remote attackers to bypass intended access restrictions via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=614774",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=614774"
},
{
"name": "https://jira.jboss.org/browse/SOA-2105",
"refsource": "CONFIRM",
"url": "https://jira.jboss.org/browse/SOA-2105"
},
{
"name": "40681",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40681"
},
{
"name": "http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Notes/index.html",
"refsource": "CONFIRM",
"url": "http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Notes/index.html"
}
]
}
}

170
2010/2xxx/CVE-2010-2791.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2791",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100730 CVE-2010-2791: mod_proxy information leak affecting 2.2.9 only",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/07/30/1"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "RHSA-2010:0659",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0659.html"
},
{
"name" : "42102",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42102"
},
{
"name" : "apache-modproxy-info-disclsoure(60883)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60883"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "apache-modproxy-info-disclsoure(60883)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60883"
},
{
"name": "RHSA-2010:0659",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0659.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name": "42102",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42102"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "[oss-security] 20100730 CVE-2010-2791: mod_proxy information leak affecting 2.2.9 only",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/07/30/1"
}
]
}
}

190
2011/0xxx/CVE-2011-0273.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0273",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in crs.exe in HP OpenView Storage Data Protector Cell Manager 6.11 allows remote attackers to execute arbitrary code via unspecified message types."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-0273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-024/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-024/"
},
{
"name" : "HPSBMA02625",
"refsource" : "HP",
"url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02688353"
},
{
"name" : "SSRT100138",
"refsource" : "HP",
"url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02688353"
},
{
"name" : "70621",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70621"
},
{
"name" : "1024983",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024983"
},
{
"name" : "42997",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42997"
},
{
"name" : "ADV-2011-0177",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0177"
},
{
"name" : "hp-openview-storage-code-execution(64818)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64818"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in crs.exe in HP OpenView Storage Data Protector Cell Manager 6.11 allows remote attackers to execute arbitrary code via unspecified message types."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024983",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024983"
},
{
"name": "hp-openview-storage-code-execution(64818)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64818"
},
{
"name": "ADV-2011-0177",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0177"
},
{
"name": "70621",
"refsource": "OSVDB",
"url": "http://osvdb.org/70621"
},
{
"name": "HPSBMA02625",
"refsource": "HP",
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02688353"
},
{
"name": "42997",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42997"
},
{
"name": "SSRT100138",
"refsource": "HP",
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02688353"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-024/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-024/"
}
]
}
}

34
2011/0xxx/CVE-2011-0358.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0358",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0358",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2011/0xxx/CVE-2011-0912.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0912",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-11-051/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-11-051/"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21461514",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"name" : "oval:org.mitre.oval:def:14348",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14348"
},
{
"name" : "43222",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43222"
},
{
"name" : "ADV-2011-0295",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0295"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-051/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-051/"
},
{
"name": "43222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43222"
},
{
"name": "oval:org.mitre.oval:def:14348",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14348"
},
{
"name": "ADV-2011-0295",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0295"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
}
]
}
}

170
2011/1xxx/CVE-2011-1670.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1670",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra Blog Machine 1.84, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the subject parameter to post_url/edit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110331 HTB22931: XSS vulnerability in InTerra Blog Machine",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517271/100/0/threaded"
},
{
"name" : "17098",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/17098"
},
{
"name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_interra_blog_machine.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_interra_blog_machine.html"
},
{
"name" : "47104",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47104"
},
{
"name" : "8195",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8195"
},
{
"name" : "interrablogmachine-subject-xss(66562)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66562"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra Blog Machine 1.84, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the subject parameter to post_url/edit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47104"
},
{
"name": "interrablogmachine-subject-xss(66562)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66562"
},
{
"name": "20110331 HTB22931: XSS vulnerability in InTerra Blog Machine",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517271/100/0/threaded"
},
{
"name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_interra_blog_machine.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_interra_blog_machine.html"
},
{
"name": "17098",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17098"
},
{
"name": "8195",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8195"
}
]
}
}

190
2011/1xxx/CVE-2011-1716.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1716",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110403 Xymon monitor cross-site scripting vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517316/100/0/threaded"
},
{
"name" : "20110404 Re: Xymon monitor cross-site scripting vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517325/100/0/threaded"
},
{
"name" : "http://xymon.svn.sourceforge.net/viewvc/xymon/branches/4.3.2/Changes?revision=6673&view=markup",
"refsource" : "CONFIRM",
"url" : "http://xymon.svn.sourceforge.net/viewvc/xymon/branches/4.3.2/Changes?revision=6673&view=markup"
},
{
"name" : "47156",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47156"
},
{
"name" : "71489",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/71489"
},
{
"name" : "44036",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44036"
},
{
"name" : "8209",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8209"
},
{
"name" : "xymonmonitor-multiple-xss(66542)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66542"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110404 Re: Xymon monitor cross-site scripting vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517325/100/0/threaded"
},
{
"name": "47156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47156"
},
{
"name": "xymonmonitor-multiple-xss(66542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66542"
},
{
"name": "71489",
"refsource": "OSVDB",
"url": "http://osvdb.org/71489"
},
{
"name": "20110403 Xymon monitor cross-site scripting vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517316/100/0/threaded"
},
{
"name": "8209",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8209"
},
{
"name": "http://xymon.svn.sourceforge.net/viewvc/xymon/branches/4.3.2/Changes?revision=6673&view=markup",
"refsource": "CONFIRM",
"url": "http://xymon.svn.sourceforge.net/viewvc/xymon/branches/4.3.2/Changes?revision=6673&view=markup"
},
{
"name": "44036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44036"
}
]
}
}

140
2011/3xxx/CVE-2011-3910.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3910",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 16.0.912.63 does not properly handle YUV video frames, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=101494",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=101494"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html"
},
{
"name" : "oval:org.mitre.oval:def:14517",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14517"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 16.0.912.63 does not properly handle YUV video frames, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:14517",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14517"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=101494",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=101494"
}
]
}
}

190
2011/4xxx/CVE-2011-4363.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4363",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20111130 CVE request: Proc::ProcessTable perl module",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/11/30/2"
},
{
"name" : "[oss-security] 20111130 Re: CVE request: Proc::ProcessTable perl module",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/11/30/3"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363"
},
{
"name" : "https://rt.cpan.org/Public/Bug/Display.html?id=72862",
"refsource" : "CONFIRM",
"url" : "https://rt.cpan.org/Public/Bug/Display.html?id=72862"
},
{
"name" : "50868",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50868"
},
{
"name" : "77428",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/77428"
},
{
"name" : "47015",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47015"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20111130 CVE request: Proc::ProcessTable perl module",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/11/30/2"
},
{
"name": "50868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50868"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500"
},
{
"name": "47015",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47015"
},
{
"name": "[oss-security] 20111130 Re: CVE request: Proc::ProcessTable perl module",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/11/30/3"
},
{
"name": "77428",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77428"
},
{
"name": "https://rt.cpan.org/Public/Bug/Display.html?id=72862",
"refsource": "CONFIRM",
"url": "https://rt.cpan.org/Public/Bug/Display.html?id=72862"
}
]
}
}

160
2011/4xxx/CVE-2011-4458.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4458",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[rt-announce] 20120522 RT 3.8.12 Released - Security Release",
"refsource" : "MLIST",
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html"
},
{
"name" : "[rt-announce] 20120522 RT 4.0.6 Released - Security Release",
"refsource" : "MLIST",
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html"
},
{
"name" : "[rt-announce] 20120522 Security vulnerabilities in RT",
"refsource" : "MLIST",
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html"
},
{
"name" : "53660",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53660"
},
{
"name" : "49259",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49259"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html"
},
{
"name": "49259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49259"
},
{
"name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html"
},
{
"name": "[rt-announce] 20120522 Security vulnerabilities in RT",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html"
},
{
"name": "53660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53660"
}
]
}
}

150
2011/4xxx/CVE-2011-4587.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4587",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=e079e82c087becf06d902089d14f3f76686bde19",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=e079e82c087becf06d902089d14f3f76686bde19"
},
{
"name" : "http://moodle.org/mod/forum/discuss.php?d=191755",
"refsource" : "CONFIRM",
"url" : "http://moodle.org/mod/forum/discuss.php?d=191755"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=761248",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=761248"
},
{
"name" : "DSA-2421",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2421"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=761248",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=761248"
},
{
"name": "http://moodle.org/mod/forum/discuss.php?d=191755",
"refsource": "CONFIRM",
"url": "http://moodle.org/mod/forum/discuss.php?d=191755"
},
{
"name": "DSA-2421",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2421"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=e079e82c087becf06d902089d14f3f76686bde19",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=e079e82c087becf06d902089d14f3f76686bde19"
}
]
}
}

160
2011/5xxx/CVE-2011-5106.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5106",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20111116 wordpress Flexible Custom Post Type plugin Xss Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/520542/100/0/threaded"
},
{
"name" : "http://plugins.trac.wordpress.org/changeset?reponame=&new=466252%40flexible-custom-post-type&old=465583%40flexible-custom-post-type",
"refsource" : "CONFIRM",
"url" : "http://plugins.trac.wordpress.org/changeset?reponame=&new=466252%40flexible-custom-post-type&old=465583%40flexible-custom-post-type"
},
{
"name" : "http://wordpress.org/extend/plugins/flexible-custom-post-type/changelog/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/extend/plugins/flexible-custom-post-type/changelog/"
},
{
"name" : "50719",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50719"
},
{
"name" : "flexiblecustomposttype-editpost-xss(71415)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71415"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "flexiblecustomposttype-editpost-xss(71415)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71415"
},
{
"name": "50719",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50719"
},
{
"name": "20111116 wordpress Flexible Custom Post Type plugin Xss Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520542/100/0/threaded"
},
{
"name": "http://wordpress.org/extend/plugins/flexible-custom-post-type/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/flexible-custom-post-type/changelog/"
},
{
"name": "http://plugins.trac.wordpress.org/changeset?reponame=&new=466252%40flexible-custom-post-type&old=465583%40flexible-custom-post-type",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset?reponame=&new=466252%40flexible-custom-post-type&old=465583%40flexible-custom-post-type"
}
]
}
}

150
2011/5xxx/CVE-2011-5206.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5206",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in notes.php in Rapidleech before 2.3 rev42 SVN r399 allows remote attackers to inject arbitrary web script or HTML via the notes parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/rapidleech/source/detail?r=399",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/rapidleech/source/detail?r=399"
},
{
"name" : "http://code.google.com/p/rapidleech/source/diff?spec=svn399&r=399&format=side&path=/trunk/notes.php",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/rapidleech/source/diff?spec=svn399&r=399&format=side&path=/trunk/notes.php"
},
{
"name" : "47434",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47434"
},
{
"name" : "rapidleech-notes-xss(72072)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72072"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in notes.php in Rapidleech before 2.3 rev42 SVN r399 allows remote attackers to inject arbitrary web script or HTML via the notes parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "rapidleech-notes-xss(72072)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72072"
},
{
"name": "47434",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47434"
},
{
"name": "http://code.google.com/p/rapidleech/source/detail?r=399",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/rapidleech/source/detail?r=399"
},
{
"name": "http://code.google.com/p/rapidleech/source/diff?spec=svn399&r=399&format=side&path=/trunk/notes.php",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/rapidleech/source/diff?spec=svn399&r=399&format=side&path=/trunk/notes.php"
}
]
}
}

160
2014/2xxx/CVE-2014-2509.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2509",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Session fixation vulnerability in the Report Advisor (RA) component in EMC Network Configuration Manager (NCM) before 9.3 allows remote attackers to hijack web sessions via a session cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-2509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140630 ESA-2014-055: EMC Network Configuration Manager (NCM) Session Fixation Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0168.html"
},
{
"name" : "20140808 ESA-2014-055: EMC Network Configuration Manager (NCM) Report Advisor Session Fixation Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533077/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/127301/EMC-Network-Configuration-Manager-NCM-Session-Fixation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127301/EMC-Network-Configuration-Manager-NCM-Session-Fixation.html"
},
{
"name" : "1030494",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030494"
},
{
"name" : "59423",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59423"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in the Report Advisor (RA) component in EMC Network Configuration Manager (NCM) before 9.3 allows remote attackers to hijack web sessions via a session cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59423",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59423"
},
{
"name": "http://packetstormsecurity.com/files/127301/EMC-Network-Configuration-Manager-NCM-Session-Fixation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127301/EMC-Network-Configuration-Manager-NCM-Session-Fixation.html"
},
{
"name": "1030494",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030494"
},
{
"name": "20140630 ESA-2014-055: EMC Network Configuration Manager (NCM) Session Fixation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0168.html"
},
{
"name": "20140808 ESA-2014-055: EMC Network Configuration Manager (NCM) Report Advisor Session Fixation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533077/100/0/threaded"
}
]
}
}

120
2014/2xxx/CVE-2014-2516.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2516",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-2516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141212 ESA-2014-173: RSA Authentication Manager Unvalidated Redirect Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-12/0074.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141212 ESA-2014-173: RSA Authentication Manager Unvalidated Redirect Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-12/0074.html"
}
]
}
}

190
2014/2xxx/CVE-2014-2744.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2744",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an \"xmppbomb\" attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-2744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140407 Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/04/07/7"
},
{
"name" : "[oss-security] 20140408 Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/04/09/1"
},
{
"name" : "http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/",
"refsource" : "MISC",
"url" : "http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/"
},
{
"name" : "http://blog.prosody.im/prosody-0-9-4-released/",
"refsource" : "CONFIRM",
"url" : "http://blog.prosody.im/prosody-0-9-4-released/"
},
{
"name" : "http://code.lightwitch.org/metronome/rev/49f47277a411",
"refsource" : "CONFIRM",
"url" : "http://code.lightwitch.org/metronome/rev/49f47277a411"
},
{
"name" : "http://hg.prosody.im/0.9/rev/b3b1c9da38fb",
"refsource" : "CONFIRM",
"url" : "http://hg.prosody.im/0.9/rev/b3b1c9da38fb"
},
{
"name" : "DSA-2895",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2895"
},
{
"name" : "57710",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57710"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an \"xmppbomb\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/",
"refsource": "MISC",
"url": "http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/"
},
{
"name": "DSA-2895",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2895"
},
{
"name": "57710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57710"
},
{
"name": "http://code.lightwitch.org/metronome/rev/49f47277a411",
"refsource": "CONFIRM",
"url": "http://code.lightwitch.org/metronome/rev/49f47277a411"
},
{
"name": "http://blog.prosody.im/prosody-0-9-4-released/",
"refsource": "CONFIRM",
"url": "http://blog.prosody.im/prosody-0-9-4-released/"
},
{
"name": "http://hg.prosody.im/0.9/rev/b3b1c9da38fb",
"refsource": "CONFIRM",
"url": "http://hg.prosody.im/0.9/rev/b3b1c9da38fb"
},
{
"name": "[oss-security] 20140408 Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/04/09/1"
},
{
"name": "[oss-security] 20140407 Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/04/07/7"
}
]
}
}

140
2014/3xxx/CVE-2014-3262.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3262",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages, aka Bug ID CSCun73782."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34233",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34233"
},
{
"name" : "20140514 Cisco IOS Software and IOS XE Software LISP Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3262"
},
{
"name" : "1030243",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030243"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages, aka Bug ID CSCun73782."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030243",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030243"
},
{
"name": "20140514 Cisco IOS Software and IOS XE Software LISP Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3262"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34233",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34233"
}
]
}
}

120
2014/6xxx/CVE-2014-6328.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6328",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka \"Internet Explorer XSS Filter Bypass Vulnerability,\" a different vulnerability than CVE-2014-6365."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-6328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-080",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka \"Internet Explorer XSS Filter Bypass Vulnerability,\" a different vulnerability than CVE-2014-6365."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-080",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080"
}
]
}
}

160
2014/6xxx/CVE-2014-6439.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6439",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141002 Elasticsearch vulnerability CVE-2014-6439",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533602/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/128556/Elasticsearch-1.3.x-CORS-Issue.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128556/Elasticsearch-1.3.x-CORS-Issue.html"
},
{
"name" : "http://www.elasticsearch.org/blog/elasticsearch-1-4-0-beta-released/",
"refsource" : "CONFIRM",
"url" : "http://www.elasticsearch.org/blog/elasticsearch-1-4-0-beta-released/"
},
{
"name" : "https://www.elastic.co/community/security/",
"refsource" : "CONFIRM",
"url" : "https://www.elastic.co/community/security/"
},
{
"name" : "70233",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70233"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.elasticsearch.org/blog/elasticsearch-1-4-0-beta-released/",
"refsource": "CONFIRM",
"url": "http://www.elasticsearch.org/blog/elasticsearch-1-4-0-beta-released/"
},
{
"name": "20141002 Elasticsearch vulnerability CVE-2014-6439",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533602/100/0/threaded"
},
{
"name": "70233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70233"
},
{
"name": "http://packetstormsecurity.com/files/128556/Elasticsearch-1.3.x-CORS-Issue.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128556/Elasticsearch-1.3.x-CORS-Issue.html"
},
{
"name": "https://www.elastic.co/community/security/",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security/"
}
]
}
}

140
2014/7xxx/CVE-2014-7024.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7024",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Hardest Game Collection (aka com.lotfun.abuse) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#885657",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/885657"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Hardest Game Collection (aka com.lotfun.abuse) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#885657",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/885657"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7106.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7106",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Orakel-Ball (aka com.wOrakelball) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#713353",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/713353"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Orakel-Ball (aka com.wOrakelball) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#713353",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/713353"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7294.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7294",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141229 CVE-2014-7294 Ex Libris Patron Directory Services (PDS) Open Redirect Security Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/127"
},
{
"name" : "http://packetstormsecurity.com/files/129756/Ex-Libris-Patron-Directory-Services-2.1-Open-Redirect.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129756/Ex-Libris-Patron-Directory-Services-2.1-Open-Redirect.html"
},
{
"name" : "http://tetraph.com/security/cves/cve-2014-7294-ex-libris-patron-directory-services-pds-open-redirect-security-vulnerability/",
"refsource" : "MISC",
"url" : "http://tetraph.com/security/cves/cve-2014-7294-ex-libris-patron-directory-services-pds-open-redirect-security-vulnerability/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129756/Ex-Libris-Patron-Directory-Services-2.1-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129756/Ex-Libris-Patron-Directory-Services-2.1-Open-Redirect.html"
},
{
"name": "20141229 CVE-2014-7294 Ex Libris Patron Directory Services (PDS) Open Redirect Security Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/127"
},
{
"name": "http://tetraph.com/security/cves/cve-2014-7294-ex-libris-patron-directory-services-pds-open-redirect-security-vulnerability/",
"refsource": "MISC",
"url": "http://tetraph.com/security/cves/cve-2014-7294-ex-libris-patron-directory-services-pds-open-redirect-security-vulnerability/"
}
]
}
}

140
2014/7xxx/CVE-2014-7392.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7392",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Russian Federation Traffic Rules (aka com.russia.pdd) application 1.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#539201",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/539201"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Russian Federation Traffic Rules (aka com.russia.pdd) application 1.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#539201",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/539201"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

230
2014/7xxx/CVE-2014-7929.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7929",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving movement of a SCRIPT element across documents."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-7929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=443115",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=443115"
},
{
"name" : "https://src.chromium.org/viewvc/blink?revision=187458&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/blink?revision=187458&view=revision"
},
{
"name" : "GLSA-201502-13",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml"
},
{
"name" : "RHSA-2015:0093",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0093.html"
},
{
"name" : "openSUSE-SU-2015:0441",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"
},
{
"name" : "USN-2476-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2476-1"
},
{
"name" : "72288",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72288"
},
{
"name" : "1031623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031623"
},
{
"name" : "62575",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62575"
},
{
"name" : "62383",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62383"
},
{
"name" : "62665",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62665"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving movement of a SCRIPT element across documents."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62665"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=443115",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=443115"
},
{
"name": "https://src.chromium.org/viewvc/blink?revision=187458&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=187458&view=revision"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"
},
{
"name": "62575",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62575"
},
{
"name": "USN-2476-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2476-1"
},
{
"name": "72288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72288"
},
{
"name": "GLSA-201502-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"
},
{
"name": "1031623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031623"
},
{
"name": "openSUSE-SU-2015:0441",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"
},
{
"name": "RHSA-2015:0093",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html"
},
{
"name": "62383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62383"
}
]
}
}

158
2017/0xxx/CVE-2017-0409.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0409",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-6.0"
},
{
"version_value" : "Android-6.0.1"
},
{
"version_value" : "Android-7.0"
},
{
"version_value" : "Android-7.1.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31999646."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-6.0"
},
{
"version_value": "Android-6.0.1"
},
{
"version_value": "Android-7.0"
},
{
"version_value": "Android-7.1.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-02-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-02-01.html"
},
{
"name" : "96091",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96091"
},
{
"name" : "1037798",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037798"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31999646."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037798",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037798"
},
{
"name": "96091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96091"
},
{
"name": "https://source.android.com/security/bulletin/2017-02-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-02-01.html"
}
]
}
}

132
2017/0xxx/CVE-2017-0792.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-09-05T00:00:00",
"ID" : "CVE-2017-0792",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android kernel"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-09-05T00:00:00",
"ID": "CVE-2017-0792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-09-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name" : "100655",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100655"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100655",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100655"
}
]
}
}

260
2017/18xxx/CVE-2017-18344.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18344",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45175",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45175/"
},
{
"name" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8",
"refsource" : "MISC",
"url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
},
{
"name" : "https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe",
"refsource" : "MISC",
"url" : "https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe"
},
{
"name" : "RHSA-2018:2948",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name" : "RHSA-2018:3083",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name" : "RHSA-2018:3096",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name" : "RHSA-2018:3459",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3459"
},
{
"name" : "RHSA-2018:3540",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3540"
},
{
"name" : "RHSA-2018:3586",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3586"
},
{
"name" : "RHSA-2018:3590",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3590"
},
{
"name" : "RHSA-2018:3591",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3591"
},
{
"name" : "USN-3742-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3742-1/"
},
{
"name" : "USN-3742-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3742-2/"
},
{
"name" : "104909",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104909"
},
{
"name" : "1041414",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041414"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3540",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3540"
},
{
"name": "RHSA-2018:3083",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "RHSA-2018:3591",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3591"
},
{
"name": "RHSA-2018:3459",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3459"
},
{
"name": "1041414",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041414"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
},
{
"name": "RHSA-2018:3590",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3590"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe"
},
{
"name": "USN-3742-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3742-2/"
},
{
"name": "104909",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104909"
},
{
"name": "USN-3742-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3742-1/"
},
{
"name": "RHSA-2018:3586",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3586"
},
{
"name": "45175",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45175/"
},
{
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
}
]
}
}

176
2017/1xxx/CVE-2017-1130.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-08-31T00:00:00",
"ID" : "CVE-2017-1130",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Notes",
"version" : {
"version_data" : [
{
"version_value" : "8.5.3.6"
},
{
"version_value" : "8.5.2.4"
},
{
"version_value" : "9.0"
},
{
"version_value" : "9.0.1.8"
},
{
"version_value" : "8.5.2.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-31T00:00:00",
"ID": "CVE-2017-1130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Notes",
"version": {
"version_data": [
{
"version_value": "8.5.3.6"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1.8"
},
{
"version_value": "8.5.2.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42604",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42604/"
},
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121371",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121371"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21999384",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21999384"
},
{
"name" : "100632",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100632"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121371",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121371"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21999384",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21999384"
},
{
"name": "42604",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42604/"
},
{
"name": "100632",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100632"
}
]
}
}

34
2017/1xxx/CVE-2017-1824.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1824",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1824",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/1xxx/CVE-2017-1857.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1857",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1857",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/1xxx/CVE-2017-1926.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1926",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1926",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

140
2017/5xxx/CVE-2017-5154.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-5154",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Advantech WebAccess 8.1",
"version" : {
"version_data" : [
{
"version_value" : "Advantech WebAccess 8.1"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Advantech WebAccess SQL injection"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-5154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess 8.1",
"version": {
"version_data": [
{
"version_value": "Advantech WebAccess 8.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01"
},
{
"name" : "https://www.tenable.com/security/research/tra-2017-04",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2017-04"
},
{
"name" : "95410",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95410"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Advantech WebAccess SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2017-04",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-04"
},
{
"name": "95410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95410"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01"
}
]
}
}

130
2017/5xxx/CVE-2017-5191.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@microfocus.com",
"ID" : "CVE-2017-5191",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NetIQ Access Manager 4.2 and NetIQ Access Manager 4.3",
"version" : {
"version_data" : [
{
"version_value" : "NetIQ Access Manager 4.2 and NetIQ Access Manager 4.3"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XSS"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2017-5191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager 4.2 and NetIQ Access Manager 4.3",
"version": {
"version_data": [
{
"version_value": "NetIQ Access Manager 4.2 and NetIQ Access Manager 4.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.novell.com/support/kb/doc.php?id=7018793",
"refsource" : "CONFIRM",
"url" : "https://www.novell.com/support/kb/doc.php?id=7018793"
},
{
"name" : "98093",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98093"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7018793",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7018793"
},
{
"name": "98093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98093"
}
]
}
}

170
2017/5xxx/CVE-2017-5550.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5550",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170120 Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/21/3"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1416116",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1416116"
},
{
"name" : "https://github.com/torvalds/linux/commit/b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb"
},
{
"name" : "95716",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95716"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170120 Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/21/3"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1416116",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416116"
},
{
"name": "95716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95716"
},
{
"name": "https://github.com/torvalds/linux/commit/b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5"
}
]
}
}

150
2017/5xxx/CVE-2017-5951.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5951",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697548",
"refsource" : "MISC",
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697548"
},
{
"name" : "DSA-3838",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3838"
},
{
"name" : "GLSA-201708-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201708-06"
},
{
"name" : "98665",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98665"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3838",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3838"
},
{
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=697548",
"refsource": "MISC",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697548"
},
{
"name": "98665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98665"
},
{
"name": "GLSA-201708-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201708-06"
}
]
}
}