admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:51:20 +00:00
parent 8158d91995
commit 0ba4ad95c5
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
46 changed files with 3173 additions and 3173 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
2006/3xxx/CVE-2006-3227.json
View File

@ -1,116 +1,116 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3227",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3227",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. NOTE: there has been significant discussion about this issue, and as of 20060625, it is not clear where the responsibility for this issue lies, although it might be due to vagueness within the associated standards. NOTE: this might only be exploitable with certain encodings."
"lang": "eng",
"value": "Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. NOTE: there has been significant discussion about this issue, and as of 20060625, it is not clear where the responsibility for this issue lies, although it might be due to vagueness within the associated standards. NOTE: this might only be exploitable with certain encodings."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060621 Bypassing of web filters by using ASCII",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437948/100/0/threaded"
"name": "20060621 Re: Bypassing of web filters by using ASCII",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438051/100/0/threaded"
},
{
"name" : "20060621 Re: Bypassing of web filters by using ASCII",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438049/100/0/threaded"
"name": "ie-ascii-encoded-web-filter-bypass(27288)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27288"
},
{
"name" : "20060621 Re: Bypassing of web filters by using ASCII",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438051/100/0/threaded"
"name": "20060623 Re: Bypassing of web filters by using ASCII",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438163/100/0/threaded"
},
{
"name" : "20060622 Re: Bypassing of web filters by using ASCII",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438066/100/0/threaded"
"name": "20060626 Re: Bypassing of web filters by using ASCII",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438358/100/0/threaded"
},
{
"name" : "20060623 RE: Bypassing of web filters by using ASCII",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438154/100/0/threaded"
"name": "20060622 Re: Bypassing of web filters by using ASCII",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438066/100/0/threaded"
},
{
"name" : "20060623 Re: Bypassing of web filters by using ASCII",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438163/100/0/threaded"
"name": "20060621 Bypassing of web filters by using ASCII",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437948/100/0/threaded"
},
{
"name" : "20060626 RE: Bypassing of web filters by using ASCII",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438359/100/0/threaded"
"name": "http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2",
"refsource": "MISC",
"url": "http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2"
},
{
"name" : "20060626 Re: Bypassing of web filters by using ASCII",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438358/100/0/threaded"
"name": "20060621 Re: Bypassing of web filters by using ASCII",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438049/100/0/threaded"
},
{
"name" : "http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2",
"refsource" : "MISC",
"url" : "http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2"
"name": "http://ha.ckers.org/blog/20060621/malformed-ascii-bypasses-filters/",
"refsource": "MISC",
"url": "http://ha.ckers.org/blog/20060621/malformed-ascii-bypasses-filters/"
},
{
"name" : "http://ha.ckers.org/blog/20060621/malformed-ascii-bypasses-filters/",
"refsource" : "MISC",
"url" : "http://ha.ckers.org/blog/20060621/malformed-ascii-bypasses-filters/"
"name": "20060623 RE: Bypassing of web filters by using ASCII",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438154/100/0/threaded"
},
{
"name" : "28376",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28376"
"name": "20060626 RE: Bypassing of web filters by using ASCII",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438359/100/0/threaded"
},
{
"name" : "ie-ascii-encoded-web-filter-bypass(27288)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27288"
"name": "28376",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28376"
}
]
}

92
2006/3xxx/CVE-2006-3675.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3675",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3675",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configuration settings for locking the password database when certain dialogue windows are open, which might allow attackers with physical access to obtain the database contents."
"lang": "eng",
"value": "Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configuration settings for locking the password database when certain dialogue windows are open, which might allow attackers with physical access to obtain the database contents."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060721 SYMSA-2006-008:Password Safe - Lock Password Database Configuration Not Enforced",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441040/100/0/threaded"
"name": "19078",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19078"
},
{
"name" : "http://www.symantec.com/enterprise/research/SYMSA-2006-008.txt",
"refsource" : "MISC",
"url" : "http://www.symantec.com/enterprise/research/SYMSA-2006-008.txt"
"name": "1016565",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016565"
},
{
"name" : "19078",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19078"
"name": "1308",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1308"
},
{
"name" : "1016565",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016565"
"name": "http://www.symantec.com/enterprise/research/SYMSA-2006-008.txt",
"refsource": "MISC",
"url": "http://www.symantec.com/enterprise/research/SYMSA-2006-008.txt"
},
{
"name" : "1308",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1308"
"name": "passwordsafe-lock-weak-security(27933)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27933"
},
{
"name" : "passwordsafe-lock-weak-security(27933)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27933"
"name": "20060721 SYMSA-2006-008:Password Safe - Lock Password Database Configuration Not Enforced",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441040/100/0/threaded"
}
]
}

92
2006/3xxx/CVE-2006-3758.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3758",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3758",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php."
"lang": "eng",
"value": "inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html",
"refsource" : "MISC",
"url" : "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html"
"name": "http://community.mybboard.net/showthread.php?tid=10115",
"refsource": "CONFIRM",
"url": "http://community.mybboard.net/showthread.php?tid=10115"
},
{
"name" : "http://community.mybboard.net/showthread.php?tid=10115",
"refsource" : "CONFIRM",
"url" : "http://community.mybboard.net/showthread.php?tid=10115"
"name": "http://www.mybboard.com/archive.php?nid=15",
"refsource": "CONFIRM",
"url": "http://www.mybboard.com/archive.php?nid=15"
},
{
"name" : "http://www.mybboard.com/archive.php?nid=15",
"refsource" : "CONFIRM",
"url" : "http://www.mybboard.com/archive.php?nid=15"
"name": "mybb-index-sql-injection(27445)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27445"
},
{
"name" : "26809",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26809"
"name": "26809",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26809"
},
{
"name" : "20873",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20873"
"name": "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html"
},
{
"name" : "mybb-index-sql-injection(27445)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27445"
"name": "20873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20873"
}
]
}

146
2006/3xxx/CVE-2006-3894.json
View File

@ -1,131 +1,131 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3894",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2006-3894",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects."
"lang": "eng",
"value": "The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://jvn.jp/cert/JVNVU%23754281/index.html",
"refsource" : "CONFIRM",
"url" : "http://jvn.jp/cert/JVNVU%23754281/index.html"
"name": "http://jvn.jp/cert/JVNVU%23754281/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/cert/JVNVU%23754281/index.html"
},
{
"name" : "https://secure-support.novell.com/KanisaPlatform/Publishing/97/3590033_f.SAL_Public.html",
"refsource" : "CONFIRM",
"url" : "https://secure-support.novell.com/KanisaPlatform/Publishing/97/3590033_f.SAL_Public.html"
"name": "25364",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25364"
},
{
"name" : "20070522 Vulnerability In Crypto Library",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080847c5d.shtml"
"name": "ADV-2007-1945",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1945"
},
{
"name" : "VU#754281",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/754281"
"name": "25343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25343"
},
{
"name" : "24104",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24104"
"name": "oval:org.mitre.oval:def:5778",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5778"
},
{
"name" : "35338",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35338"
"name": "ADV-2007-1909",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1909"
},
{
"name" : "oval:org.mitre.oval:def:5778",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5778"
"name": "20070522 Vulnerability In Crypto Library",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080847c5d.shtml"
},
{
"name" : "ADV-2007-1908",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1908"
"name": "24104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24104"
},
{
"name" : "ADV-2007-1909",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1909"
"name": "VU#754281",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/754281"
},
{
"name" : "ADV-2007-1945",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1945"
"name": "ADV-2007-1908",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1908"
},
{
"name" : "1018095",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018095"
"name": "25399",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25399"
},
{
"name" : "25364",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25364"
"name": "1018095",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018095"
},
{
"name" : "25399",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25399"
"name": "https://secure-support.novell.com/KanisaPlatform/Publishing/97/3590033_f.SAL_Public.html",
"refsource": "CONFIRM",
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/97/3590033_f.SAL_Public.html"
},
{
"name" : "25343",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25343"
"name": "35338",
"refsource": "OSVDB",
"url": "http://osvdb.org/35338"
},
{
"name" : "multiple-crypto-asn1-dos(34430)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34430"
"name": "multiple-crypto-asn1-dos(34430)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34430"
}
]
}

92
2006/4xxx/CVE-2006-4184.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4184",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4184",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SmartLine DeviceLock before 5.73 Build 305 does not properly enforce access control lists (ACL) in raw mode, which allows local users to bypass NTFS controls and obtain sensitive information."
"lang": "eng",
"value": "SmartLine DeviceLock before 5.73 Build 305 does not properly enforce access control lists (ACL) in raw mode, which allows local users to bypass NTFS controls and obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060813 Local privilege Escalation in SmartLine DeviceLock 5.73",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443193/100/0/threaded"
"name": "20060813 Local privilege Escalation in SmartLine DeviceLock 5.73",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443193/100/0/threaded"
},
{
"name" : "http://www.protect-me.com/dl/whatsnew.html",
"refsource" : "CONFIRM",
"url" : "http://www.protect-me.com/dl/whatsnew.html"
"name": "devicelock-acl-security-bypass(28384)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28384"
},
{
"name" : "19500",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19500"
"name": "1392",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1392"
},
{
"name" : "21494",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21494"
"name": "http://www.protect-me.com/dl/whatsnew.html",
"refsource": "CONFIRM",
"url": "http://www.protect-me.com/dl/whatsnew.html"
},
{
"name" : "1392",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1392"
"name": "21494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21494"
},
{
"name" : "devicelock-acl-security-bypass(28384)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28384"
"name": "19500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19500"
}
]
}

110
2006/4xxx/CVE-2006-4656.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4656",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4656",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in admin/editeur/spaw_control.class.php in Web Provence SL_Site 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition."
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in admin/editeur/spaw_control.class.php in Web Provence SL_Site 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060907 SL_Site <= 1.0 [spaw_root] Remote File Include Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445520/100/0/threaded"
"name": "2317",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2317"
},
{
"name" : "2317",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2317"
"name": "slsite-spaw-file-include(28783)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28783"
},
{
"name" : "http://spaw.cvs.sourceforge.net/spaw/spaw/docs/ChangeLog.txt?view=markup",
"refsource" : "CONFIRM",
"url" : "http://spaw.cvs.sourceforge.net/spaw/spaw/docs/ChangeLog.txt?view=markup"
"name": "20060907 SL_Site <= 1.0 [spaw_root] Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445520/100/0/threaded"
},
{
"name" : "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.19&r2=1.20",
"refsource" : "MISC",
"url" : "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.19&r2=1.20"
"name": "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.19&r2=1.20",
"refsource": "MISC",
"url": "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.19&r2=1.20"
},
{
"name" : "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.25&r2=1.26",
"refsource" : "MISC",
"url" : "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.25&r2=1.26"
"name": "1522",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1522"
},
{
"name" : "19892",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19892"
"name": "19892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19892"
},
{
"name" : "1016814",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016814"
"name": "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.25&r2=1.26",
"refsource": "MISC",
"url": "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.25&r2=1.26"
},
{
"name" : "1522",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1522"
"name": "http://spaw.cvs.sourceforge.net/spaw/spaw/docs/ChangeLog.txt?view=markup",
"refsource": "CONFIRM",
"url": "http://spaw.cvs.sourceforge.net/spaw/spaw/docs/ChangeLog.txt?view=markup"
},
{
"name" : "slsite-spaw-file-include(28783)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28783"
"name": "1016814",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016814"
}
]
}

80
2006/6xxx/CVE-2006-6584.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6584",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6584",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors."
"lang": "eng",
"value": "Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://italk.sourceforge.net/italk-sa-1.txt",
"refsource" : "CONFIRM",
"url" : "http://italk.sourceforge.net/italk-sa-1.txt"
"name": "http://italk.sourceforge.net/italk-sa-1.txt",
"refsource": "CONFIRM",
"url": "http://italk.sourceforge.net/italk-sa-1.txt"
},
{
"name" : "ADV-2006-5014",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5014"
"name": "italkplus-unspecifiedbo(30900)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30900"
},
{
"name" : "23374",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23374"
"name": "23374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23374"
},
{
"name" : "italkplus-unspecifiedbo(30900)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30900"
"name": "ADV-2006-5014",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5014"
}
]
}

86
2006/6xxx/CVE-2006-6723.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6723",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6723",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request."
"lang": "eng",
"value": "The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "3013",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3013"
"name": "3013",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3013"
},
{
"name" : "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116",
"refsource" : "MISC",
"url" : "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116"
"name": "23487",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23487"
},
{
"name" : "ADV-2006-5142",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5142"
"name": "1017441",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017441"
},
{
"name" : "1017441",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017441"
"name": "ADV-2006-5142",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5142"
},
{
"name" : "23487",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23487"
"name": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116",
"refsource": "MISC",
"url": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116"
}
]
}

80
2006/6xxx/CVE-2006-6795.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6795",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6795",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in gallery/displayCategory.php in the My_eGallery 2.5.6 module in myPHPNuke (MPN) allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter."
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in gallery/displayCategory.php in the My_eGallery 2.5.6 module in myPHPNuke (MPN) allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://cyber-security.org/DataDetayAll.asp?Data_id=586",
"refsource" : "MISC",
"url" : "http://cyber-security.org/DataDetayAll.asp?Data_id=586"
"name": "myphpnuke-display-file-include(31136)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31136"
},
{
"name" : "3010",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3010"
"name": "http://cyber-security.org/DataDetayAll.asp?Data_id=586",
"refsource": "MISC",
"url": "http://cyber-security.org/DataDetayAll.asp?Data_id=586"
},
{
"name" : "21744",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21744"
"name": "3010",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3010"
},
{
"name" : "myphpnuke-display-file-include(31136)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31136"
"name": "21744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21744"
}
]
}

134
2006/6xxx/CVE-2006-6939.json
View File

@ -1,121 +1,121 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6939",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6939",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function."
"lang": "eng",
"value": "GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://freshmeat.net/projects/ed/?branch_id=17855&release_id=240890",
"refsource" : "CONFIRM",
"url" : "http://freshmeat.net/projects/ed/?branch_id=17855&release_id=240890"
"name": "gnued-opensbuf-symlink(30374)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30374"
},
{
"name" : "https://issues.rpath.com/browse/RPL-962",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-962"
"name": "MDKSA-2007:023",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:023"
},
{
"name" : "FEDORA-2007-099",
"refsource" : "FEDORA",
"url" : "http://fedoranews.org/cms/node/2449"
"name": "2007-0005",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0005"
},
{
"name" : "FEDORA-2007-100",
"refsource" : "FEDORA",
"url" : "http://fedoranews.org/cms/node/2450"
"name": "23832",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23832"
},
{
"name" : "MDKSA-2007:023",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:023"
"name": "23857",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23857"
},
{
"name" : "2007-0005",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2007/0005"
"name": "FEDORA-2007-099",
"refsource": "FEDORA",
"url": "http://fedoranews.org/cms/node/2449"
},
{
"name" : "22129",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22129"
"name": "23848",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23848"
},
{
"name" : "ADV-2006-4573",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4573"
"name": "22129",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22129"
},
{
"name" : "23832",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23832"
"name": "FEDORA-2007-100",
"refsource": "FEDORA",
"url": "http://fedoranews.org/cms/node/2450"
},
{
"name" : "23848",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23848"
"name": "24054",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24054"
},
{
"name" : "23857",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23857"
"name": "ADV-2006-4573",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4573"
},
{
"name" : "24054",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24054"
"name": "http://freshmeat.net/projects/ed/?branch_id=17855&release_id=240890",
"refsource": "CONFIRM",
"url": "http://freshmeat.net/projects/ed/?branch_id=17855&release_id=240890"
},
{
"name" : "gnued-opensbuf-symlink(30374)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30374"
"name": "https://issues.rpath.com/browse/RPL-962",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-962"
}
]
}

92
2010/2xxx/CVE-2010-2168.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2168",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2168",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an \"invalid pointer vulnerability\" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2201."
"lang": "eng",
"value": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an \"invalid pointer vulnerability\" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2201."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20100630 VUPEN Security Research - Adobe Acrobat and Reader \"newfunction\" Memory Corruption Vulnerability (CVE-2010-2168)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512096"
"name": "ADV-2010-1636",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1636"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
"name": "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"name" : "41236",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41236"
"name": "41236",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41236"
},
{
"name" : "oval:org.mitre.oval:def:7167",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7167"
"name": "20100630 VUPEN Security Research - Adobe Acrobat and Reader \"newfunction\" Memory Corruption Vulnerability (CVE-2010-2168)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512096"
},
{
"name" : "1024159",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024159"
"name": "1024159",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024159"
},
{
"name" : "ADV-2010-1636",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1636"
"name": "oval:org.mitre.oval:def:7167",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7167"
}
]
}

62
2010/2xxx/CVE-2010-2383.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2383",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-2383",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality and integrity, related to NFS."
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality and integrity, related to NFS."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}

98
2010/2xxx/CVE-2010-2434.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2434",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2010-2434",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software Explzh 5.62 and earlier allows remote attackers to execute arbitrary code via an LZH LHA file with a crafted header that is not properly handled during expansion."
"lang": "eng",
"value": "Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software Explzh 5.62 and earlier allows remote attackers to execute arbitrary code via an LZH LHA file with a crafted header that is not properly handled during expansion."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.ponsoftware.com/archiver/bug.htm#lzh_bufover",
"refsource" : "CONFIRM",
"url" : "http://www.ponsoftware.com/archiver/bug.htm#lzh_bufover"
"name": "65666",
"refsource": "OSVDB",
"url": "http://osvdb.org/65666"
},
{
"name" : "JVN#34729123",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN34729123/index.html"
"name": "41025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41025"
},
{
"name" : "JVNDB-2010-000026",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000026.html"
"name": "http://www.ponsoftware.com/archiver/bug.htm#lzh_bufover",
"refsource": "CONFIRM",
"url": "http://www.ponsoftware.com/archiver/bug.htm#lzh_bufover"
},
{
"name" : "41025",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41025"
"name": "40324",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40324"
},
{
"name" : "65666",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/65666"
"name": "JVNDB-2010-000026",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000026.html"
},
{
"name" : "40324",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40324"
"name": "explzh-lhaprocessing-bo(59624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59624"
},
{
"name" : "explzh-lhaprocessing-bo(59624)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59624"
"name": "JVN#34729123",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN34729123/index.html"
}
]
}

140
2010/2xxx/CVE-2010-2498.json
View File

@ -1,126 +1,126 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2498",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2498",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation."
"lang": "eng",
"value": "The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[freetype] 20100712 FreeType 2.4.0 has been released",
"refsource" : "MLIST",
"url" : "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html"
"name": "USN-963-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-963-1"
},
{
"name" : "[oss-security] 20100713 Multiple bugs in freetype",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127905701201340&w=2"
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name" : "[oss-security] 20100714 Re: Multiple bugs in freetype",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127909326909362&w=2"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=613160",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=613160"
},
{
"name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8d22746c9e5af80ff4304aef440986403a5072e2",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8d22746c9e5af80ff4304aef440986403a5072e2"
"name": "https://savannah.nongnu.org/bugs/?30106",
"refsource": "CONFIRM",
"url": "https://savannah.nongnu.org/bugs/?30106"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=613160",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=613160"
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8d22746c9e5af80ff4304aef440986403a5072e2",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8d22746c9e5af80ff4304aef440986403a5072e2"
},
{
"name" : "https://savannah.nongnu.org/bugs/?30106",
"refsource" : "CONFIRM",
"url" : "https://savannah.nongnu.org/bugs/?30106"
"name": "[freetype] 20100712 FreeType 2.4.0 has been released",
"refsource": "MLIST",
"url": "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html"
},
{
"name" : "http://support.apple.com/kb/HT4435",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4435"
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name" : "APPLE-SA-2010-11-10-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
"name": "[oss-security] 20100714 Re: Multiple bugs in freetype",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127909326909362&w=2"
},
{
"name" : "DSA-2070",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2070"
"name": "DSA-2070",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2070"
},
{
"name" : "MDVSA-2010:137",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:137"
"name": "[oss-security] 20100713 Multiple bugs in freetype",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127905701201340&w=2"
},
{
"name" : "RHSA-2010:0578",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0578.html"
"name": "1024266",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024266"
},
{
"name" : "USN-963-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-963-1"
"name": "RHSA-2010:0578",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0578.html"
},
{
"name" : "1024266",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024266"
"name": "MDVSA-2010:137",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:137"
},
{
"name" : "48951",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48951"
"name": "48951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48951"
}
]
}

22
2010/3xxx/CVE-2010-3671.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3671",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3671",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2011/0xxx/CVE-2011-0190.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0190",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0190",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server."
"lang": "eng",
"value": "Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://support.apple.com/kb/HT4581",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4581"
"name": "APPLE-SA-2011-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name" : "APPLE-SA-2011-03-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
"name": "http://support.apple.com/kb/HT4581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4581"
}
]
}

98
2011/0xxx/CVE-2011-0322.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0322",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2011-0322",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in EMC RSA Access Manager Server 5.5.x, 6.0.x, and 6.1.x allows remote attackers to access resources via unknown vectors."
"lang": "eng",
"value": "Unspecified vulnerability in EMC RSA Access Manager Server 5.5.x, 6.0.x, and 6.1.x allows remote attackers to access resources via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20110315 ESA-2011-009: RSA, The Security Division of EMC, announces a fix for potential security vulnerability in RSA Access Manager Server",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517023/100/0/threaded"
"name": "43796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43796"
},
{
"name" : "46875",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46875"
"name": "8142",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8142"
},
{
"name" : "1025214",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025214"
"name": "1025214",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025214"
},
{
"name" : "43796",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43796"
"name": "46875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46875"
},
{
"name" : "8142",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8142"
"name": "20110315 ESA-2011-009: RSA, The Security Division of EMC, announces a fix for potential security vulnerability in RSA Access Manager Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517023/100/0/threaded"
},
{
"name" : "ADV-2011-0676",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0676"
"name": "ADV-2011-0676",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0676"
},
{
"name" : "rsa-unspecified-security-bypass(66104)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66104"
"name": "rsa-unspecified-security-bypass(66104)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66104"
}
]
}

68
2011/0xxx/CVE-2011-0664.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0664",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0664",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka \".NET Framework Array Offset Vulnerability.\""
"lang": "eng",
"value": "Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka \".NET Framework Array Offset Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS11-039",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-039"
"name": "oval:org.mitre.oval:def:12105",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12105"
},
{
"name" : "oval:org.mitre.oval:def:12105",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12105"
"name": "MS11-039",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-039"
}
]
}

22
2011/1xxx/CVE-2011-1136.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1136",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1136",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

92
2011/1xxx/CVE-2011-1286.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1286",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1286",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger incorrect access to memory."
"lang": "eng",
"value": "Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger incorrect access to memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=74675",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=74675"
"name": "http://code.google.com/p/chromium/issues/detail?id=74675",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=74675"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
"name": "46785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46785"
},
{
"name" : "46785",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46785"
"name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
},
{
"name" : "oval:org.mitre.oval:def:14455",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14455"
"name": "google-memory-info-discloure(65970)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65970"
},
{
"name" : "ADV-2011-0628",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0628"
"name": "oval:org.mitre.oval:def:14455",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14455"
},
{
"name" : "google-memory-info-discloure(65970)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65970"
"name": "ADV-2011-0628",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0628"
}
]
}

134
2011/1xxx/CVE-2011-1473.json
View File

@ -1,121 +1,121 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1473",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1473",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment."
"lang": "eng",
"value": "** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
"name": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html",
"refsource": "MISC",
"url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
},
{
"name" : "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/07/08/2"
"name": "[tls] 20110315 Re: SSL Renegotiation DOS",
"refsource": "MLIST",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
},
{
"name" : "[tls] 20110315 Re: SSL Renegotiation DOS",
"refsource" : "MLIST",
"url" : "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
"name": "[tls] 20110318 Re: SSL Renegotiation DOS",
"refsource": "MLIST",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
},
{
"name" : "[tls] 20110315 Re: SSL Renegotiation DOS",
"refsource" : "MLIST",
"url" : "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=707065",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
},
{
"name" : "[tls] 20110315 SSL Renegotiation DOS",
"refsource" : "MLIST",
"url" : "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
},
{
"name" : "[tls] 20110318 Re: SSL Renegotiation DOS",
"refsource" : "MLIST",
"url" : "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
"name": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html",
"refsource": "MISC",
"url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
},
{
"name" : "[tls] 20110318 Re: SSL Renegotiation DOS",
"refsource" : "MLIST",
"url" : "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
"name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
},
{
"name" : "http://orchilles.com/2011/03/ssl-renegotiation-dos.html",
"refsource" : "MISC",
"url" : "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
"name": "SSRT100852",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133951357207000&w=2"
},
{
"name" : "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html",
"refsource" : "MISC",
"url" : "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
"name": "[tls] 20110318 Re: SSL Renegotiation DOS",
"refsource": "MLIST",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
},
{
"name" : "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html",
"refsource" : "MISC",
"url" : "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
"name": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html",
"refsource": "MISC",
"url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=707065",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
"name": "HPSBMU02776",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133951357207000&w=2"
},
{
"name" : "HPSBMU02776",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133951357207000&w=2"
"name": "[tls] 20110315 SSL Renegotiation DOS",
"refsource": "MLIST",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
},
{
"name" : "SSRT100852",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133951357207000&w=2"
"name": "[tls] 20110315 Re: SSL Renegotiation DOS",
"refsource": "MLIST",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
}
]
}

68
2011/1xxx/CVE-2011-1962.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1962",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1962",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers \"inactive filtering,\" aka \"Shift JIS Character Encoding Vulnerability.\""
"lang": "eng",
"value": "Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers \"inactive filtering,\" aka \"Shift JIS Character Encoding Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS11-057",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057"
"name": "MS11-057",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057"
},
{
"name" : "oval:org.mitre.oval:def:12657",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12657"
"name": "oval:org.mitre.oval:def:12657",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12657"
}
]
}

80
2014/2xxx/CVE-2014-2573.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2573",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2573",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image."
"lang": "eng",
"value": "The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20140321 CVE request for vulnerability in OpenStack Nova",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/03/21/1"
"name": "[oss-security] 20140321 Re: CVE request for vulnerability in OpenStack Nova",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/21/2"
},
{
"name" : "[oss-security] 20140321 Re: CVE request for vulnerability in OpenStack Nova",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/03/21/2"
"name": "57498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57498"
},
{
"name" : "https://bugs.launchpad.net/nova/+bug/1269418",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/nova/+bug/1269418"
"name": "https://bugs.launchpad.net/nova/+bug/1269418",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/nova/+bug/1269418"
},
{
"name" : "57498",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57498"
"name": "[oss-security] 20140321 CVE request for vulnerability in OpenStack Nova",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/21/1"
}
]
}

80
2014/2xxx/CVE-2014-2786.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2786",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-2786",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2792 and CVE-2014-2813."
"lang": "eng",
"value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2792 and CVE-2014-2813."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS14-037",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037"
"name": "68371",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68371"
},
{
"name" : "68371",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68371"
"name": "MS14-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037"
},
{
"name" : "1030532",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030532"
"name": "59775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59775"
},
{
"name" : "59775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59775"
"name": "1030532",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030532"
}
]
}

62
2014/3xxx/CVE-2014-3045.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3045",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3045",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before 1.4.3.3 places an administrative password in the shell history upon use of the -p option to chuser, which allows local users to obtain sensitive information by leveraging root access."
"lang": "eng",
"value": "IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before 1.4.3.3 places an administrative password in the shell history upon use of the -p option to chuser, which allows local users to obtain sensitive information by leveraging root access."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004815",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004815"
"name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004815",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004815"
}
]
}

80
2014/3xxx/CVE-2014-3275.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3275",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3275",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337."
"lang": "eng",
"value": "SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34328",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34328"
"name": "67555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67555"
},
{
"name" : "20140521 Cisco ISE Blind SQL Injection Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3275"
"name": "20140521 Cisco ISE Blind SQL Injection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3275"
},
{
"name" : "67555",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67555"
"name": "1030273",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030273"
},
{
"name" : "1030273",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030273"
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34328",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34328"
}
]
}

62
2014/3xxx/CVE-2014-3393.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3393",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3393",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829."
"lang": "eng",
"value": "The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20141008 Multiple Vulnerabilities in Cisco ASA Software",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"
"name": "20141008 Multiple Vulnerabilities in Cisco ASA Software",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"
}
]
}

22
2014/6xxx/CVE-2014-6218.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6218",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6218",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2014/6xxx/CVE-2014-6538.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6538",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6538",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295, and CVE-2014-6563."
"lang": "eng",
"value": "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295, and CVE-2014-6563."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
"name": "70495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70495"
},
{
"name" : "70495",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70495"
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
}
]
}

74
2014/6xxx/CVE-2014-6919.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6919",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6919",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Metalcasting Newsstand (aka air.com.yudu.ReaderAIR3017071) application 3.12.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The Metalcasting Newsstand (aka air.com.yudu.ReaderAIR3017071) application 3.12.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#542369",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/542369"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "VU#542369",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/542369"
}
]
}

74
2014/7xxx/CVE-2014-7041.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7041",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7041",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The SimGene (aka com.japanbioinformatics.simgene) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The SimGene (aka com.japanbioinformatics.simgene) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#373233",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/373233"
},
{
"name" : "VU#373233",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/373233"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}

98
2014/7xxx/CVE-2014-7176.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7176",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7176",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman."
"lang": "eng",
"value": "SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "35098",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35098"
"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7176/",
"refsource": "MISC",
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7176/"
},
{
"name" : "20141028 CVE-2014-7176 - Authenticated Blind SQL Injection in Enalean Tuleap",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Oct/119"
"name": "35098",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35098"
},
{
"name" : "http://packetstormsecurity.com/files/128875/Tuleap-7.4.99.5-Blind-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128875/Tuleap-7.4.99.5-Blind-SQL-Injection.html"
"name": "20141028 CVE-2014-7176 - Authenticated Blind SQL Injection in Enalean Tuleap",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/119"
},
{
"name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7176/",
"refsource" : "MISC",
"url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7176/"
"name": "70773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70773"
},
{
"name" : "https://www.tuleap.org/recent-vulnerabilities",
"refsource" : "CONFIRM",
"url" : "https://www.tuleap.org/recent-vulnerabilities"
"name": "tuleap-cve20147176-sql-injection(98307)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98307"
},
{
"name" : "70773",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70773"
"name": "https://www.tuleap.org/recent-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://www.tuleap.org/recent-vulnerabilities"
},
{
"name" : "tuleap-cve20147176-sql-injection(98307)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98307"
"name": "http://packetstormsecurity.com/files/128875/Tuleap-7.4.99.5-Blind-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128875/Tuleap-7.4.99.5-Blind-SQL-Injection.html"
}
]
}

74
2014/7xxx/CVE-2014-7633.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7633",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7633",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Dino Zoo (aka com.tappocket.dinozoostar) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The Dino Zoo (aka com.tappocket.dinozoostar) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#371913",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/371913"
},
{
"name" : "VU#371913",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/371913"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}

74
2014/7xxx/CVE-2014-7670.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7670",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7670",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Motor Town: Machine Soul Free (aka com.alawar.motortownfree) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The Motor Town: Machine Soul Free (aka com.alawar.motortownfree) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#237713",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/237713"
},
{
"name" : "VU#237713",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/237713"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}

22
2014/7xxx/CVE-2014-7790.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7790",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7790",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}

22
2014/8xxx/CVE-2014-8184.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8184",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8184",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2016/2xxx/CVE-2016-2394.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2394",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2394",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

212
2016/2xxx/CVE-2016-2791.json
View File

@ -1,186 +1,186 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2791",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-2791",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
"lang": "eng",
"value": "The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
"name": "openSUSE-SU-2016:0894",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1243473",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1243473"
"name": "84222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84222"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
"name": "SUSE-SU-2016:0820",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name" : "DSA-3510",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3510"
"name": "openSUSE-SU-2016:1767",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"name" : "DSA-3515",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3515"
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name" : "DSA-3520",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3520"
"name": "openSUSE-SU-2016:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name" : "GLSA-201605-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201605-06"
"name": "SUSE-SU-2016:0727",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name" : "GLSA-201701-63",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-63"
"name": "openSUSE-SU-2016:1778",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name" : "openSUSE-SU-2016:0894",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
"name": "openSUSE-SU-2016:0876",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name" : "openSUSE-SU-2016:1767",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
"name": "USN-2917-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name" : "openSUSE-SU-2016:1769",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
"name": "USN-2927-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"name" : "openSUSE-SU-2016:1778",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
"name": "DSA-3520",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name" : "SUSE-SU-2016:0909",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
"name": "openSUSE-SU-2016:1769",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"name" : "SUSE-SU-2016:0727",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
"name": "SUSE-SU-2016:0909",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name" : "SUSE-SU-2016:0777",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
"name": "DSA-3510",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name" : "openSUSE-SU-2016:0731",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
"name": "openSUSE-SU-2016:0733",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name" : "openSUSE-SU-2016:0733",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"name" : "SUSE-SU-2016:0820",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
"name": "1035215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name" : "openSUSE-SU-2016:0876",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
"name": "SUSE-SU-2016:0777",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name" : "USN-2917-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2917-2"
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name" : "USN-2917-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2917-3"
"name": "DSA-3515",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3515"
},
{
"name" : "USN-2934-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2934-1"
"name": "USN-2934-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name" : "USN-2917-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2917-1"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243473",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243473"
},
{
"name" : "USN-2927-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2927-1"
"name": "GLSA-201701-63",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-63"
},
{
"name" : "84222",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84222"
"name": "USN-2917-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name" : "1035215",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035215"
"name": "USN-2917-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
]
}

22
2017/1xxx/CVE-2017-1492.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1492",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1492",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2017/1xxx/CVE-2017-1645.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1645",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1645",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2017/1xxx/CVE-2017-1838.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1838",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1838",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}

22
2017/1xxx/CVE-2017-1911.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1911",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1911",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}

22
2017/1xxx/CVE-2017-1974.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1974",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1974",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}

92
2017/5xxx/CVE-2017-5079.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5079",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5079",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android",
"version" : {
"version_data" : [
"product_name": "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android",
"version": {
"version_data": [
{
"version_value" : "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android"
"version_value": "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page."
"lang": "eng",
"value": "Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html",
"refsource" : "MISC",
"url" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html"
"name": "98861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98861"
},
{
"name" : "https://crbug.com/713686",
"refsource" : "MISC",
"url" : "https://crbug.com/713686"
"name": "RHSA-2017:1399",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1399"
},
{
"name" : "GLSA-201706-20",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-20"
"name": "1038622",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038622"
},
{
"name" : "RHSA-2017:1399",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1399"
"name": "GLSA-201706-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-20"
},
{
"name" : "98861",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98861"
"name": "https://crbug.com/713686",
"refsource": "MISC",
"url": "https://crbug.com/713686"
},
{
"name" : "1038622",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038622"
"name": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html"
}
]
}

68
2017/5xxx/CVE-2017-5153.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-5153",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-5153",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "OSIsoft PI Coresight and PI Web API",
"version" : {
"version_data" : [
"product_name": "OSIsoft PI Coresight and PI Web API",
"version": {
"version_data": [
{
"version_value" : "OSIsoft PI Coresight and PI Web API"
"version_value": "OSIsoft PI Coresight and PI Web API"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials."
"lang": "eng",
"value": "An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "OSIsoft PI Coresight and PI Web API information exposure"
"lang": "eng",
"value": "OSIsoft PI Coresight and PI Web API information exposure"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-010-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-010-01"
"name": "95355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95355"
},
{
"name" : "95355",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95355"
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-010-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-010-01"
}
]
}

76
2017/5xxx/CVE-2017-5801.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-04-04T00:00:00",
"ID" : "CVE-2017-5801",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-04-04T00:00:00",
"ID": "CVE-2017-5801",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Business Process Monitor",
"version" : {
"version_data" : [
"product_name": "Business Process Monitor",
"version": {
"version_data": [
{
"version_value" : "v09.2x, v09.30"
"version_value": "v09.2x, v09.30"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A Remote Unauthorized Access to Data vulnerability in HPE Business Process Monitor version v09.2x, v09.30 was found."
"lang": "eng",
"value": "A Remote Unauthorized Access to Data vulnerability in HPE Business Process Monitor version v09.2x, v09.30 was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote Unauthorized Access to Data"
"lang": "eng",
"value": "Remote Unauthorized Access to Data"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03727en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03727en_us"
"name": "97386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97386"
},
{
"name" : "97386",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97386"
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03727en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03727en_us"
},
{
"name" : "1038176",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038176"
"name": "1038176",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038176"
}
]
}