admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:34:48 +00:00
parent 1be1870a24
commit 07b558060c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3174 additions and 3174 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2006/2xxx/CVE-2006-2084.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2084", "ID": "CVE-2006-2084",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 Pro and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in (a) index.php, and the (3) mod parameter in (b) admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060426 XXS Attack On FarsiNews", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/432109/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 Pro and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in (a) index.php, and the (3) mod parameter in (b) admin.php."
{ }
"name" : "http://www.aria-security.net/advisory/farsinews/farsinews0420062.txt", ]
"refsource" : "MISC", },
"url" : "http://www.aria-security.net/advisory/farsinews/farsinews0420062.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17701", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17701" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "812", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/812" ]
}, },
{ "references": {
"name" : "farsinews-index-admin-xss(26097)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26097" "name": "812",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/812"
} },
} {
"name": "http://www.aria-security.net/advisory/farsinews/farsinews0420062.txt",
"refsource": "MISC",
"url": "http://www.aria-security.net/advisory/farsinews/farsinews0420062.txt"
},
{
"name": "farsinews-index-admin-xss(26097)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26097"
},
{
"name": "17701",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17701"
},
{
"name": "20060426 XXS Attack On FarsiNews",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432109/100/0/threaded"
}
]
}
}

34
2006/2xxx/CVE-2006-2350.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2006-2350", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2006-2350",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2344. Reason: This candidate is a duplicate of CVE-2006-2344. Notes: All CVE users should reference CVE-2006-2344 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2344. Reason: This candidate is a duplicate of CVE-2006-2344. Notes: All CVE users should reference CVE-2006-2344 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

230
2006/2xxx/CVE-2006-2446.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2006-2446", "ID": "CVE-2006-2446",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition between the kfree_skb and __skb_unlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other versions, allows remote attackers to cause a denial of service (crash), as demonstrated using the TCP stress tests from the LTP test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm" "lang": "eng",
}, "value": "Race condition between the kfree_skb and __skb_unlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other versions, allows remote attackers to cause a denial of service (crash), as demonstrated using the TCP stress tests from the LTP test suite."
{ }
"name" : "DSA-1183", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2006/dsa-1183" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1184", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1184" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDKSA-2007:025", ]
"refsource" : "MANDRIVA", }
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:025" ]
}, },
{ "references": {
"name" : "RHSA-2006:0575", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0575.html" "name": "MDKSA-2007:025",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:025"
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192779", },
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192779" "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192779",
}, "refsource": "MISC",
{ "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192779"
"name" : "19475", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19475" "name": "DSA-1183",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1183"
"name" : "oval:org.mitre.oval:def:9117", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9117" "name": "22082",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22082"
"name" : "21465", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21465" "name": "RHSA-2006:0575",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0575.html"
"name" : "22082", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22082" "name": "oval:org.mitre.oval:def:9117",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9117"
"name" : "22093", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22093" "name": "21465",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21465"
"name" : "22417", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22417" "name": "19475",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/19475"
} },
} {
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm"
},
{
"name": "22417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22417"
},
{
"name": "22093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22093"
},
{
"name": "DSA-1184",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1184"
}
]
}
}

180
2006/2xxx/CVE-2006-2835.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2835", "ID": "CVE-2006-2835",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in saphplesson 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) forumid parameter in add.php and (2) lessid parameter in show.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060527 Critical sql injection in saphplesson 2.0", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/435202/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in saphplesson 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) forumid parameter in add.php and (2) lessid parameter in show.php."
{ }
"name" : "20060711 saphp \"add.php\" forumid Parameter SQL Injection", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/440120" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20070704 SQL Injection in SaphpLesson2.0 \"show.php\"", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/472798/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18934", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/18934" ]
}, },
{ "references": {
"name" : "18117", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18117" "name": "saphplesson-show-sql-injection(26757)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26757"
"name" : "1047", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1047" "name": "1047",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1047"
"name" : "saphplesson-show-sql-injection(26757)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26757" "name": "20070704 SQL Injection in SaphpLesson2.0 \"show.php\"",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/472798/100/0/threaded"
} },
} {
"name": "18117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18117"
},
{
"name": "18934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18934"
},
{
"name": "20060711 saphp \"add.php\" forumid Parameter SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440120"
},
{
"name": "20060527 Critical sql injection in saphplesson 2.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435202/100/0/threaded"
}
]
}
}

150
2006/3xxx/CVE-2006-3173.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3173", "ID": "CVE-2006-3173",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path[cb] parameter to (a) libraries/comment/postComment.php and (b) modules/poll/poll.php, (2) rel parameter to (c) modules/archive/overview.inc.php, and the (3) actualModuleDir parameter to (d) modules/forum/showThread.inc.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20071003 Content Builder 0.7.5 RFI Bug", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/481435/100/0/threaded" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path[cb] parameter to (a) libraries/comment/postComment.php and (b) modules/poll/poll.php, (2) rel parameter to (c) modules/archive/overview.inc.php, and the (3) actualModuleDir parameter to (d) modules/forum/showThread.inc.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
{ }
"name" : "25914", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/25914" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20557", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20557" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "contentbuilder-multiple-file-include(27044)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27044" ]
} },
] "references": {
} "reference_data": [
} {
"name": "contentbuilder-multiple-file-include(27044)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27044"
},
{
"name": "25914",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25914"
},
{
"name": "20071003 Content Builder 0.7.5 RFI Bug",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/481435/100/0/threaded"
},
{
"name": "20557",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20557"
}
]
}
}

140
2006/3xxx/CVE-2006-3202.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3202", "ID": "CVE-2006-3202",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain configurations, does not check to see if IPv4-mapped sockets are being used before processing IPv6 socket options, which allows local users to cause a denial of service (crash) by creating an IPv4-mapped IPv6 socket with the SO_TIMESTAMP socket option set, then sending an IPv4 packet through the socket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "NetBSD-SA2006-016", "description_data": [
"refsource" : "NETBSD", {
"url" : "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-016.txt.asc" "lang": "eng",
}, "value": "The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain configurations, does not check to see if IPv4-mapped sockets are being used before processing IPv6 socket options, which allows local users to cause a denial of service (crash) by creating an IPv4-mapped IPv6 socket with the SO_TIMESTAMP socket option set, then sending an IPv4 packet through the socket."
{ }
"name" : "1016250", ]
"refsource" : "SECTRACK", },
"url" : "http://securitytracker.com/id?1016250" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "netbsd-ipv6-dos(27139)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27139" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1016250",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016250"
},
{
"name": "netbsd-ipv6-dos(27139)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27139"
},
{
"name": "NetBSD-SA2006-016",
"refsource": "NETBSD",
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-016.txt.asc"
}
]
}
}

180
2006/3xxx/CVE-2006-3555.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3555", "ID": "CVE-2006-3555",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060701 Php-Fusion (Xss) With Avatar Upload", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/438938/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer."
{ }
"name" : "http://php-fusion.co.uk/news.php", ]
"refsource" : "CONFIRM", },
"url" : "http://php-fusion.co.uk/news.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "18787", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18787" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-2655", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/2655" ]
}, },
{ "references": {
"name" : "20904", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20904" "name": "20060701 Php-Fusion (Xss) With Avatar Upload",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/438938/100/0/threaded"
"name" : "1224", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1224" "name": "18787",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/18787"
"name" : "phpfusion-avatar-xss(27537)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27537" "name": "ADV-2006-2655",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/2655"
} },
} {
"name": "1224",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1224"
},
{
"name": "20904",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20904"
},
{
"name": "phpfusion-avatar-xss(27537)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27537"
},
{
"name": "http://php-fusion.co.uk/news.php",
"refsource": "CONFIRM",
"url": "http://php-fusion.co.uk/news.php"
}
]
}
}

160
2006/3xxx/CVE-2006-3570.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3570", "ID": "CVE-2006-3570",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://drupal.org/node/72846", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/72846" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "18947", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18947" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2764", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2764" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21021", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/21021" ]
}, },
{ "references": {
"name" : "webform-unspecified-xss(27685)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27685" "name": "21021",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/21021"
} },
} {
"name": "18947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18947"
},
{
"name": "webform-unspecified-xss(27685)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27685"
},
{
"name": "ADV-2006-2764",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2764"
},
{
"name": "http://drupal.org/node/72846",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/72846"
}
]
}
}

140
2006/3xxx/CVE-2006-3785.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3785", "ID": "CVE-2006-3785",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060718 PcAnywhere > 12 Local Privilege Escalation", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/440448/100/0/threaded" "lang": "eng",
}, "value": "Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin."
{ }
"name" : "http://www.digitalbullets.org/?p=3", ]
"refsource" : "MISC", },
"url" : "http://www.digitalbullets.org/?p=3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1261", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1261" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20060718 PcAnywhere > 12 Local Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"
},
{
"name": "http://www.digitalbullets.org/?p=3",
"refsource": "MISC",
"url": "http://www.digitalbullets.org/?p=3"
},
{
"name": "1261",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1261"
}
]
}
}

160
2006/6xxx/CVE-2006-6596.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6596", "ID": "CVE-2006-6596",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via a session (HAW) file, which can be automatically opened using Internet Explorer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061214 HyperAccess - Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/454388/100/0/threaded" "lang": "eng",
}, "value": "HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via a session (HAW) file, which can be automatically opened using Internet Explorer."
{ }
"name" : "21594", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21594" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-5013", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/5013" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "23366", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/23366" ]
}, },
{ "references": {
"name" : "2045", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/2045" "name": "20061214 HyperAccess - Multiple Vulnerabilities",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/454388/100/0/threaded"
} },
} {
"name": "21594",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21594"
},
{
"name": "23366",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23366"
},
{
"name": "2045",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2045"
},
{
"name": "ADV-2006-5013",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5013"
}
]
}
}

130
2006/6xxx/CVE-2006-6626.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6626", "ID": "CVE-2006-6626",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. NOTE: It is unclear whether this candidate overlaps CVE-2006-4784 or CVE-2006-4941."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securityfocus.com/data/vulnerabilities/exploits/21596.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.securityfocus.com/data/vulnerabilities/exploits/21596.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. NOTE: It is unclear whether this candidate overlaps CVE-2006-4784 or CVE-2006-4941."
{ }
"name" : "21596", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21596" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21596",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21596"
},
{
"name": "http://www.securityfocus.com/data/vulnerabilities/exploits/21596.html",
"refsource": "MISC",
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/21596.html"
}
]
}
}

140
2006/6xxx/CVE-2006-6815.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6815", "ID": "CVE-2006-6815",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061227 Secure Login Manager Multiple Input Validation Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/455353/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel."
{ }
"name" : "1017448", ]
"refsource" : "SECTRACK", },
"url" : "http://securitytracker.com/id?1017448" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "secureloginmanager-multiple-xss(31157)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31157" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1017448",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017448"
},
{
"name": "secureloginmanager-multiple-xss(31157)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31157"
},
{
"name": "20061227 Secure Login Manager Multiple Input Validation Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455353/100/0/threaded"
}
]
}
}

140
2006/7xxx/CVE-2006-7060.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-7060", "ID": "CVE-2006-7060",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cindex.php in Scriptsez.net E-Dating System allows remote attackers to obtain the full path via an invalid id parameter in a dologin action, which leaks the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060607 E-Dating System from scriptsez.net - XSS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-06/0067.html" "lang": "eng",
}, "value": "cindex.php in Scriptsez.net E-Dating System allows remote attackers to obtain the full path via an invalid id parameter in a dologin action, which leaks the path in an error message."
{ }
"name" : "20535", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/20535" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2300", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/2300" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20060607 E-Dating System from scriptsez.net - XSS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0067.html"
},
{
"name": "2300",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2300"
},
{
"name": "20535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20535"
}
]
}
}

34
2011/0xxx/CVE-2011-0296.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0296", "ID": "CVE-2011-0296",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2011/0xxx/CVE-2011-0369.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0369", "ID": "CVE-2011-0369",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2011/0xxx/CVE-2011-0750.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0750", "ID": "CVE-2011-0750",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2011/1xxx/CVE-2011-1903.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1903", "ID": "CVE-2011-1903",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in an unspecified function in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php" "lang": "eng",
}, "value": "SQL injection vulnerability in an unspecified function in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
{ }
"name" : "https://support.proofpoint.com/article.cgi?article_id=338413", ]
"refsource" : "MISC", },
"url" : "https://support.proofpoint.com/article.cgi?article_id=338413" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#790980", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/790980" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://support.proofpoint.com/article.cgi?article_id=338413",
"refsource": "MISC",
"url": "https://support.proofpoint.com/article.cgi?article_id=338413"
},
{
"name": "VU#790980",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/790980"
},
{
"name": "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php",
"refsource": "MISC",
"url": "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php"
}
]
}
}

170
2011/2xxx/CVE-2011-2182.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-2182", "ID": "CVE-2011-2182",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel before 2.6.39.1 does not properly handle memory allocation for non-initial fragments, which might allow local users to conduct buffer overflow attacks, and gain privileges or obtain sensitive information, via a crafted LDM partition table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1017."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110605 Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/05/1" "lang": "eng",
}, "value": "The ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel before 2.6.39.1 does not properly handle memory allocation for non-initial fragments, which might allow local users to conduct buffer overflow attacks, and gain privileges or obtain sensitive information, via a crafted LDM partition table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1017."
{ }
"name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.1", ]
"refsource" : "CONFIRM", },
"url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cae13fe4cc3f24820ffb990c09110626837e85d4", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cae13fe4cc3f24820ffb990c09110626837e85d4" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/torvalds/linux/commit/cae13fe4cc3f24820ffb990c09110626837e85d4", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/torvalds/linux/commit/cae13fe4cc3f24820ffb990c09110626837e85d4" ]
}, },
{ "references": {
"name" : "HPSBGN02970", "reference_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=139447903326211&w=2" "name": "52334",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/52334"
"name" : "52334", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52334" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cae13fe4cc3f24820ffb990c09110626837e85d4",
} "refsource": "CONFIRM",
] "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cae13fe4cc3f24820ffb990c09110626837e85d4"
} },
} {
"name": "https://github.com/torvalds/linux/commit/cae13fe4cc3f24820ffb990c09110626837e85d4",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/cae13fe4cc3f24820ffb990c09110626837e85d4"
},
{
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.1",
"refsource": "CONFIRM",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.1"
},
{
"name": "[oss-security] 20110605 Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/05/1"
},
{
"name": "HPSBGN02970",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2"
}
]
}
}

260
2011/3xxx/CVE-2011-3324.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2011-3324", "ID": "CVE-2011-3324",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.cert.fi/en/reports/2011/vulnerability539178.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.cert.fi/en/reports/2011/vulnerability539178.html" "lang": "eng",
}, "value": "The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message."
{ }
"name" : "http://code.quagga.net/?p=quagga.git;a=commit;h=09395e2a0e93b2cf4258cb1de91887948796bb68", ]
"refsource" : "CONFIRM", },
"url" : "http://code.quagga.net/?p=quagga.git;a=commit;h=09395e2a0e93b2cf4258cb1de91887948796bb68" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.quagga.net/download/quagga-0.99.19.changelog.txt", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2316", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2011/dsa-2316" ]
}, },
{ "references": {
"name" : "GLSA-201202-02", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201202-02.xml" "name": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt"
"name" : "RHSA-2012:1258", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1258.html" "name": "VU#668534",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/668534"
"name" : "RHSA-2012:1259", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1259.html" "name": "http://code.quagga.net/?p=quagga.git;a=commit;h=09395e2a0e93b2cf4258cb1de91887948796bb68",
}, "refsource": "CONFIRM",
{ "url": "http://code.quagga.net/?p=quagga.git;a=commit;h=09395e2a0e93b2cf4258cb1de91887948796bb68"
"name" : "SUSE-SU-2011:1075", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" "name": "DSA-2316",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2316"
"name" : "openSUSE-SU-2011:1155", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" "name": "RHSA-2012:1259",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html"
"name" : "SUSE-SU-2011:1171", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" "name": "https://www.cert.fi/en/reports/2011/vulnerability539178.html",
}, "refsource": "MISC",
{ "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html"
"name" : "SUSE-SU-2011:1316", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" "name": "46139",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/46139"
"name" : "VU#668534", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/668534" "name": "SUSE-SU-2011:1075",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html"
"name" : "46139", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46139" "name": "openSUSE-SU-2011:1155",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html"
"name" : "46274", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46274" "name": "GLSA-201202-02",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml"
"name" : "48106", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48106" "name": "RHSA-2012:1258",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html"
} },
} {
"name": "SUSE-SU-2011:1316",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html"
},
{
"name": "46274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46274"
},
{
"name": "48106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48106"
},
{
"name": "SUSE-SU-2011:1171",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html"
}
]
}
}

140
2011/3xxx/CVE-2011-3710.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3710", "ID": "CVE-2011-3710",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" "lang": "eng",
}, "value": "bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files."
{ }
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", ]
"refsource" : "MISC", },
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/bbpress-1.0.2", "description": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/bbpress-1.0.2" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/bbpress-1.0.2",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/bbpress-1.0.2"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}

140
2011/4xxx/CVE-2011-4307.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-4307", "ID": "CVE-2011-4307",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the section parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=41017112cff7f5bd7969c72d321320f3090e7c68", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=41017112cff7f5bd7969c72d321320f3090e7c68" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the section parameter."
{ }
"name" : "http://moodle.org/mod/forum/discuss.php?d=188321", ]
"refsource" : "CONFIRM", },
"url" : "http://moodle.org/mod/forum/discuss.php?d=188321" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=747444", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=747444" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=41017112cff7f5bd7969c72d321320f3090e7c68",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=41017112cff7f5bd7969c72d321320f3090e7c68"
},
{
"name": "http://moodle.org/mod/forum/discuss.php?d=188321",
"refsource": "CONFIRM",
"url": "http://moodle.org/mod/forum/discuss.php?d=188321"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=747444",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=747444"
}
]
}
}

130
2011/4xxx/CVE-2011-4499.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4499", "ID": "CVE-2011-4499",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.upnp-hacks.org/devices.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.upnp-hacks.org/devices.html" "lang": "eng",
}, "value": "The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability."
{ }
"name" : "VU#357851", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/357851" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.upnp-hacks.org/devices.html",
"refsource": "MISC",
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"name": "VU#357851",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/357851"
}
]
}
}

290
2011/4xxx/CVE-2011-4605.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-4605", "ID": "CVE-2011-4605",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469", "description_data": [
"refsource" : "MISC", {
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469" "lang": "eng",
}, "value": "The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors."
{ }
"name" : "RHSA-2012:1022", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1022.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2012:1023", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1023.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2012:1024", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1024.html" ]
}, },
{ "references": {
"name" : "RHSA-2012:1025", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1025.html" "name": "1027501",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1027501"
"name" : "RHSA-2012:1026", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1026.html" "name": "49656",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/49656"
"name" : "RHSA-2012:1027", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1027.html" "name": "RHSA-2012:1028",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1028.html"
"name" : "RHSA-2012:1028", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1028.html" "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469",
}, "refsource": "MISC",
{ "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469"
"name" : "RHSA-2012:1109", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1109.html" "name": "49658",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/49658"
"name" : "RHSA-2012:1125", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1125.html" "name": "RHSA-2012:1109",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1109.html"
"name" : "RHSA-2012:1232", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1232.html" "name": "RHSA-2012:1025",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1025.html"
"name" : "RHSA-2012:1295", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1295.html" "name": "50084",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50084"
"name" : "54644", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/54644" "name": "RHSA-2012:1295",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1295.html"
"name" : "1027501", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027501" "name": "RHSA-2012:1027",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1027.html"
"name" : "49656", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49656" "name": "54644",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/54644"
"name" : "49658", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49658" "name": "RHSA-2012:1026",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1026.html"
"name" : "50084", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50084" "name": "50549",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50549"
"name" : "50549", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50549" "name": "RHSA-2012:1024",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2012-1024.html"
} },
} {
"name": "RHSA-2012:1232",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html"
},
{
"name": "RHSA-2012:1022",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1022.html"
},
{
"name": "RHSA-2012:1023",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1023.html"
},
{
"name": "RHSA-2012:1125",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1125.html"
}
]
}
}

120
2013/1xxx/CVE-2013-1115.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-1115", "ID": "CVE-2013-1115",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ARF file, aka Bug IDs CSCue74118, CSCub28371, CSCud23401, and CSCud31109."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130904 Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130904-webex" "lang": "eng",
} "value": "Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ARF file, aka Bug IDs CSCue74118, CSCub28371, CSCud23401, and CSCud31109."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130904 Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130904-webex"
}
]
}
}

120
2013/1xxx/CVE-2013-1163.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-1163", "ID": "CVE-2013-1163",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the device-management implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCue14553 and CSCue38746."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130401 Cisco Connected Grid Network Management System SQL Injection Vulnerabilities", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1163" "lang": "eng",
} "value": "Multiple SQL injection vulnerabilities in the device-management implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCue14553 and CSCue38746."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130401 Cisco Connected Grid Network Management System SQL Injection Vulnerabilities",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1163"
}
]
}
}

180
2013/5xxx/CVE-2013-5029.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5029", "ID": "CVE-2013-5029",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/240b8332db53dedc27baeec5306dabad3bdece3b", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/240b8332db53dedc27baeec5306dabad3bdece3b" "lang": "eng",
}, "value": "phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php."
{ }
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/24d0eb55203b029f250c77d63f2900ffbe099e8b", ]
"refsource" : "MISC", },
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/24d0eb55203b029f250c77d63f2900ffbe099e8b" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/66fe475d4f51b1761719cb0cab360748800373f7", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/66fe475d4f51b1761719cb0cab360748800373f7" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/da4042fb6c4365dc8187765c3bf525043687c66f", ]
"refsource" : "MISC", }
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/da4042fb6c4365dc8187765c3bf525043687c66f" ]
}, },
{ "references": {
"name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php" "name": "openSUSE-SU-2013:1343",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00013.html"
"name" : "openSUSE-SU-2013:1343", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00013.html" "name": "https://github.com/phpmyadmin/phpmyadmin/commit/240b8332db53dedc27baeec5306dabad3bdece3b",
}, "refsource": "MISC",
{ "url": "https://github.com/phpmyadmin/phpmyadmin/commit/240b8332db53dedc27baeec5306dabad3bdece3b"
"name" : "54488", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54488" "name": "54488",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/54488"
} },
} {
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/24d0eb55203b029f250c77d63f2900ffbe099e8b",
"refsource": "MISC",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/24d0eb55203b029f250c77d63f2900ffbe099e8b"
},
{
"name": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php"
},
{
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/66fe475d4f51b1761719cb0cab360748800373f7",
"refsource": "MISC",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/66fe475d4f51b1761719cb0cab360748800373f7"
},
{
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/da4042fb6c4365dc8187765c3bf525043687c66f",
"refsource": "MISC",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/da4042fb6c4365dc8187765c3bf525043687c66f"
}
]
}
}

150
2013/5xxx/CVE-2013-5429.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-5429", "ID": "CVE-2013-5429",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660509", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660509" "lang": "eng",
}, "value": "The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660510", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660510" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "IV52624", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52624" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ibm-tivoli-cve20135429-sec-bypass(87561)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87561" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660510",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660510"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660509",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660509"
},
{
"name": "IV52624",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52624"
},
{
"name": "ibm-tivoli-cve20135429-sec-bypass(87561)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87561"
}
]
}
}

34
2013/5xxx/CVE-2013-5742.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5742", "ID": "CVE-2013-5742",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2013/5xxx/CVE-2013-5866.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-5866", "ID": "CVE-2013-5866",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel."
{ }
"name" : "63070", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/63070" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "98499", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/98499" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oracle-cpuoct2013-cve20135866(88011)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88011" ]
} },
] "references": {
} "reference_data": [
} {
"name": "98499",
"refsource": "OSVDB",
"url": "http://osvdb.org/98499"
},
{
"name": "63070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63070"
},
{
"name": "oracle-cpuoct2013-cve20135866(88011)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88011"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
]
}
}

150
2013/5xxx/CVE-2013-5994.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2013-5994", "ID": "CVE-2013-5994",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://svn.ec-cube.net/open_trac/changeset/23278", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://svn.ec-cube.net/open_trac/changeset/23278" "lang": "eng",
}, "value": "data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message."
{ }
"name" : "http://www.ec-cube.net/info/weakness/weakness.php?id=52", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ec-cube.net/info/weakness/weakness.php?id=52" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVN#06870202", "description": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN06870202/index.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "JVNDB-2013-000098", ]
"refsource" : "JVNDB", }
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000098" ]
} },
] "references": {
} "reference_data": [
} {
"name": "JVN#06870202",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN06870202/index.html"
},
{
"name": "http://svn.ec-cube.net/open_trac/changeset/23278",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/changeset/23278"
},
{
"name": "JVNDB-2013-000098",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000098"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=52",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=52"
}
]
}
}

34
2014/2xxx/CVE-2014-2215.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-2215", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-2215",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

34
2014/2xxx/CVE-2014-2344.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-2344", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-2344",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

34
2014/2xxx/CVE-2014-2551.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2551", "ID": "CVE-2014-2551",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2014/2xxx/CVE-2014-2764.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2014-2764", "ID": "CVE-2014-2764",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2769, and CVE-2014-2771."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS14-035", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" "lang": "eng",
}, "value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2769, and CVE-2014-2771."
{ }
"name" : "67848", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/67848" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1030370", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030370" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "67848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67848"
},
{
"name": "1030370",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030370"
},
{
"name": "MS14-035",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035"
}
]
}
}

150
2014/6xxx/CVE-2014-6172.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-6172", "ID": "CVE-2014-6172",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM API Management 3.0 before 3.0.4.0 IF1 allows remote attackers to obtain sensitive analytics information in an encrypted form via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21694460", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21694460" "lang": "eng",
}, "value": "IBM API Management 3.0 before 3.0.4.0 IF1 allows remote attackers to obtain sensitive analytics information in an encrypted form via unspecified vectors."
{ }
"name" : "LI78291", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LI78291" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1031613", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031613" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ibm-apim-cve20146172-sec-bypass(98417)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98417" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1031613",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031613"
},
{
"name": "ibm-apim-cve20146172-sec-bypass(98417)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98417"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694460",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694460"
},
{
"name": "LI78291",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI78291"
}
]
}
}

160
2014/6xxx/CVE-2014-6287.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-6287", "ID": "CVE-2014-6287",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "39161", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/39161/" "lang": "eng",
}, "value": "The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action."
{ }
"name" : "http://packetstormsecurity.com/files/128243/HttpFileServer-2.3.x-Remote-Command-Execution.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/128243/HttpFileServer-2.3.x-Remote-Command-Execution.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/rapid7/metasploit-framework/pull/3793", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/rapid7/metasploit-framework/pull/3793" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/135122/Rejetto-HTTP-File-Server-2.3.x-Remote-Code-Execution.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/135122/Rejetto-HTTP-File-Server-2.3.x-Remote-Code-Execution.html" ]
}, },
{ "references": {
"name" : "VU#251276", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/251276" "name": "VU#251276",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/251276"
} },
} {
"name": "39161",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39161/"
},
{
"name": "http://packetstormsecurity.com/files/128243/HttpFileServer-2.3.x-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128243/HttpFileServer-2.3.x-Remote-Command-Execution.html"
},
{
"name": "https://github.com/rapid7/metasploit-framework/pull/3793",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/3793"
},
{
"name": "http://packetstormsecurity.com/files/135122/Rejetto-HTTP-File-Server-2.3.x-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135122/Rejetto-HTTP-File-Server-2.3.x-Remote-Code-Execution.html"
}
]
}
}

140
2014/6xxx/CVE-2014-6647.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6647", "ID": "CVE-2014-6647",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ElForro.com (aka com.tapatalk.elforrocom) application 2.4.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The ElForro.com (aka com.tapatalk.elforrocom) application 2.4.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#675161", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/675161" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#675161",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/675161"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

34
2014/6xxx/CVE-2014-6849.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-6849", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-6849",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

140
2014/7xxx/CVE-2014-7656.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7656", "ID": "CVE-2014-7656",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Indian Management (aka com.magzter.indianmanagement) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Indian Management (aka com.magzter.indianmanagement) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#866121", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/866121" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#866121",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/866121"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

130
2017/0xxx/CVE-2017-0221.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-0221", "ID": "CVE-2017-0221",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Edge", "product_name": "Microsoft Edge",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows 10 Version 1607 for 32-bit Systems and Windows 10 Version 1607 for x64-based Systems." "version_value": "Windows 10 Version 1607 for 32-bit Systems and Windows 10 Version 1607 for x64-based Systems."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0221", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0221" "lang": "eng",
}, "value": "A vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240."
{ }
"name" : "98147", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98147" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98147",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98147"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0221",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0221"
}
]
}
}

140
2017/0xxx/CVE-2017-0272.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-0272", "ID": "CVE-2017-0272",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Server Message Block 1.0", "product_name": "Server Message Block 1.0",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0277, CVE-2017-0278, and CVE-2017-0279."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" "lang": "eng",
}, "value": "The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0277, CVE-2017-0278, and CVE-2017-0279."
{ }
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0272", ]
"refsource" : "CONFIRM", },
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0272" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "98260", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98260" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "98260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98260"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0272",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0272"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
}
]
}
}

122
2017/1000xxx/CVE-2017-1000001.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1000001", "ID": "CVE-2017-1000001",
"REQUESTER" : "puiterwijk@redhat.com", "REQUESTER": "puiterwijk@redhat.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "fedmsg", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "0.18.1 and older" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Fedora Project" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing SSL certification verification"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/fedora-infra/fedmsg/blob/0.18.2/CHANGELOG.rst", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/fedora-infra/fedmsg/blob/0.18.2/CHANGELOG.rst" "lang": "eng",
} "value": "FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fedora-infra/fedmsg/blob/0.18.2/CHANGELOG.rst",
"refsource": "CONFIRM",
"url": "https://github.com/fedora-infra/fedmsg/blob/0.18.2/CHANGELOG.rst"
}
]
}
}

272
2017/1000xxx/CVE-2017-1000367.json
View File

@ -1,138 +1,138 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1000367", "ID": "CVE-2017-1000367",
"REQUESTER" : "Todd.Miller@courtesan.com", "REQUESTER": "Todd.Miller@courtesan.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "sudo", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.8.20" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "sudo" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42183", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42183/" "lang": "eng",
}, "value": "Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution."
{ }
"name" : "20170602 Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2017/Jun/3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20170530 Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2017/05/30/16" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/142783/Sudo-get_process_ttyname-Race-Condition.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/142783/Sudo-get_process_ttyname-Race-Condition.html" ]
}, },
{ "references": {
"name" : "https://www.sudo.ws/alerts/linux_tty.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.sudo.ws/alerts/linux_tty.html" "name": "USN-3304-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-3304-1"
"name" : "DSA-3867", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3867" "name": "GLSA-201705-15",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201705-15"
"name" : "FEDORA-2017-54580efa82", },
"refsource" : "FEDORA", {
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEXC4NNIG2QOZY6N2YUK246KI3D3UQO/" "name": "98745",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/98745"
"name" : "GLSA-201705-15", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201705-15" "name": "https://www.sudo.ws/alerts/linux_tty.html",
}, "refsource": "CONFIRM",
{ "url": "https://www.sudo.ws/alerts/linux_tty.html"
"name" : "RHSA-2017:1381", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1381" "name": "20170602 Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2017/Jun/3"
"name" : "RHSA-2017:1382", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1382" "name": "FEDORA-2017-54580efa82",
}, "refsource": "FEDORA",
{ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEXC4NNIG2QOZY6N2YUK246KI3D3UQO/"
"name" : "SUSE-SU-2017:1446", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00077.html" "name": "RHSA-2017:1382",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:1382"
"name" : "SUSE-SU-2017:1450", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00078.html" "name": "http://packetstormsecurity.com/files/142783/Sudo-get_process_ttyname-Race-Condition.html",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.com/files/142783/Sudo-get_process_ttyname-Race-Condition.html"
"name" : "openSUSE-SU-2017:1455", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00079.html" "name": "SUSE-SU-2017:1446",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00077.html"
"name" : "USN-3304-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-3304-1" "name": "SUSE-SU-2017:1450",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00078.html"
"name" : "98745", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98745" "name": "DSA-3867",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2017/dsa-3867"
"name" : "1038582", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038582" "name": "openSUSE-SU-2017:1455",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00079.html"
} },
} {
"name": "42183",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42183/"
},
{
"name": "[oss-security] 20170530 Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/05/30/16"
},
{
"name": "RHSA-2017:1381",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1381"
},
{
"name": "1038582",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038582"
}
]
}
}

178
2017/1xxx/CVE-2017-1318.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-07-14T00:00:00", "DATE_PUBLIC": "2017-07-14T00:00:00",
"ID" : "CVE-2017-1318", "ID": "CVE-2017-1318",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MQ Appliance", "product_name": "MQ Appliance",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.0" "version_value": "8.0"
}, },
{ {
"version_value" : "8.0.0.3" "version_value": "8.0.0.3"
}, },
{ {
"version_value" : "8.0.0.4" "version_value": "8.0.0.4"
}, },
{ {
"version_value" : "8.0.0.5" "version_value": "8.0.0.5"
}, },
{ {
"version_value" : "9.0.1" "version_value": "9.0.1"
}, },
{ {
"version_value" : "9.0.2" "version_value": "9.0.2"
}, },
{ {
"version_value" : "8.0.0.6" "version_value": "8.0.0.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125730", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125730" "lang": "eng",
}, "value": "IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22003815", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22003815" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "99594", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99594" "lang": "eng",
} "value": "Gain Privileges"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003815",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003815"
},
{
"name": "99594",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99594"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125730",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125730"
}
]
}
}

148
2017/1xxx/CVE-2017-1352.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-09-06T00:00:00", "DATE_PUBLIC": "2017-09-06T00:00:00",
"ID" : "CVE-2017-1352", "ID": "CVE-2017-1352",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Maximo Asset Management", "product_name": "Maximo Asset Management",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.5" "version_value": "7.5"
}, },
{ {
"version_value" : "7.6" "version_value": "7.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126538", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126538" "lang": "eng",
}, "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22006650", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22006650" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "100697", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100697" "lang": "eng",
} "value": "Gain Privileges"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006650",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006650"
},
{
"name": "100697",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100697"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126538",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126538"
}
]
}
}

34
2017/1xxx/CVE-2017-1726.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1726", "ID": "CVE-2017-1726",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/1xxx/CVE-2017-1814.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-1814", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-1814",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/1xxx/CVE-2017-1830.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-1830", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-1830",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4550.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4550", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4550",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4568.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4568", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4568",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4763.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4763", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4763",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/5xxx/CVE-2017-5301.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5301", "ID": "CVE-2017-5301",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/5xxx/CVE-2017-5863.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5863", "ID": "CVE-2017-5863",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }