admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:03:25 +00:00
parent f5bc750717
commit 0c03322d2e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 4472 additions and 4472 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2006/0xxx/CVE-2006-0380.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0380",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel to calculate an incorrect buffer length, which causes more data to be copied to userland than intended, which could allow local users to read portions of kernel memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2006-0380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "FreeBSD-SA-06:06",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:06.kmem.asc"
},
{
"name" : "16373",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16373"
},
{
"name" : "22731",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22731"
},
{
"name" : "1015541",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015541"
},
{
"name" : "18599",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18599"
},
{
"name" : "bsd-buffer-length-disclosure(24340)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24340"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel to calculate an incorrect buffer length, which causes more data to be copied to userland than intended, which could allow local users to read portions of kernel memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-06:06",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:06.kmem.asc"
},
{
"name": "18599",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18599"
},
{
"name": "1015541",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015541"
},
{
"name": "22731",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22731"
},
{
"name": "bsd-buffer-length-disclosure(24340)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24340"
},
{
"name": "16373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16373"
}
]
}
}

180
2006/0xxx/CVE-2006-0522.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0522",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Authentication Servlet in Symantec Sygate Management Server (SMS) version 4.1 build 1417 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via unknown attack vectors related to a URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html",
"refsource" : "CONFIRM",
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html"
},
{
"name" : "16452",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16452"
},
{
"name" : "ADV-2006-0402",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0402"
},
{
"name" : "22883",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22883"
},
{
"name" : "1015561",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015561"
},
{
"name" : "18689",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18689"
},
{
"name" : "symantec-sms-sql-injection(24413)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24413"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Authentication Servlet in Symantec Sygate Management Server (SMS) version 4.1 build 1417 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via unknown attack vectors related to a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015561",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015561"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html"
},
{
"name": "16452",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16452"
},
{
"name": "18689",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18689"
},
{
"name": "symantec-sms-sql-injection(24413)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24413"
},
{
"name": "22883",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22883"
},
{
"name": "ADV-2006-0402",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0402"
}
]
}
}

200
2006/0xxx/CVE-2006-0899.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0899",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers to read and include arbitrary files via \"..\" (dot dot) sequences in the template parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060301 4images <=1.7.1 remote code execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426468/100/0/threaded"
},
{
"name" : "1533",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1533"
},
{
"name" : "http://retrogod.altervista.org/4images_171_adv.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/4images_171_adv.html"
},
{
"name" : "16855",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16855"
},
{
"name" : "ADV-2006-0754",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0754"
},
{
"name" : "23529",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23529"
},
{
"name" : "19026",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19026"
},
{
"name" : "518",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/518"
},
{
"name" : "4images-template-file-include(24938)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24938"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers to read and include arbitrary files via \"..\" (dot dot) sequences in the template parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19026"
},
{
"name": "4images-template-file-include(24938)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24938"
},
{
"name": "1533",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1533"
},
{
"name": "518",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/518"
},
{
"name": "http://retrogod.altervista.org/4images_171_adv.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/4images_171_adv.html"
},
{
"name": "20060301 4images <=1.7.1 remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426468/100/0/threaded"
},
{
"name": "23529",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23529"
},
{
"name": "ADV-2006-0754",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0754"
},
{
"name": "16855",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16855"
}
]
}
}

200
2006/0xxx/CVE-2006-0998.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0998",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "17176",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17176"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "ADV-2006-1043",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1043"
},
{
"name" : "24047",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24047"
},
{
"name" : "1015799",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015799"
},
{
"name" : "19324",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19324"
},
{
"name" : "netware-nile-weak-encryption(25381)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25381"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1043",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1043"
},
{
"name": "1015799",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015799"
},
{
"name": "24047",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24047"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm"
},
{
"name": "netware-nile-weak-encryption(25381)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25381"
},
{
"name": "19324",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19324"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "17176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17176"
}
]
}
}

290
2006/1xxx/CVE-2006-1537.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1537",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain sensitive information via a direct request to (1) includes/index.php, (2) tests/add_duration_test.php, (3) tests/all_tests.php, (4) groups.php, (5) nonusers.php, (6) includes/settings.php, (7) includes/init.php, (8) includes/settings.php.orig, (9) includes/js/admin.php, (10) includes/js/edit_entry.php, (11) includes/js/edit_layer.php, (12) includes/js/export_import.php, (13) includes/js/popups.php, (14) includes/js/pref.php, or (15) includes/menu/index.php, which reveal the path in various error messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060329 Full path disclosure in Webcalendar 1.1.0-CVS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/429267/100/0/threaded"
},
{
"name" : "24522",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24522"
},
{
"name" : "24523",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24523"
},
{
"name" : "24524",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24524"
},
{
"name" : "24525",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24525"
},
{
"name" : "24526",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24526"
},
{
"name" : "24527",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24527"
},
{
"name" : "24528",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24528"
},
{
"name" : "24529",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24529"
},
{
"name" : "24530",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24530"
},
{
"name" : "24531",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24531"
},
{
"name" : "24532",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24532"
},
{
"name" : "24533",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24533"
},
{
"name" : "24534",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24534"
},
{
"name" : "24535",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24535"
},
{
"name" : "24536",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24536"
},
{
"name" : "651",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/651"
},
{
"name" : "webcalendar-multiple-path-disclosure(25539)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25539"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain sensitive information via a direct request to (1) includes/index.php, (2) tests/add_duration_test.php, (3) tests/all_tests.php, (4) groups.php, (5) nonusers.php, (6) includes/settings.php, (7) includes/init.php, (8) includes/settings.php.orig, (9) includes/js/admin.php, (10) includes/js/edit_entry.php, (11) includes/js/edit_layer.php, (12) includes/js/export_import.php, (13) includes/js/popups.php, (14) includes/js/pref.php, or (15) includes/menu/index.php, which reveal the path in various error messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24523",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24523"
},
{
"name": "24535",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24535"
},
{
"name": "651",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/651"
},
{
"name": "24534",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24534"
},
{
"name": "24526",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24526"
},
{
"name": "20060329 Full path disclosure in Webcalendar 1.1.0-CVS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429267/100/0/threaded"
},
{
"name": "24531",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24531"
},
{
"name": "24529",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24529"
},
{
"name": "24524",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24524"
},
{
"name": "24528",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24528"
},
{
"name": "24525",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24525"
},
{
"name": "webcalendar-multiple-path-disclosure(25539)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25539"
},
{
"name": "24533",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24533"
},
{
"name": "24532",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24532"
},
{
"name": "24530",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24530"
},
{
"name": "24527",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24527"
},
{
"name": "24522",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24522"
},
{
"name": "24536",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24536"
}
]
}
}

130
2006/1xxx/CVE-2006-1783.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1783",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060412 PatroNet CMS Xss Vuln",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430868/100/0/threaded"
},
{
"name" : "17495",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17495"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060412 PatroNet CMS Xss Vuln",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430868/100/0/threaded"
},
{
"name": "17495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17495"
}
]
}
}

440
2006/3xxx/CVE-2006-3082.json
View File

@ -1,222 +1,222 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3082",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060629 rPSA-2006-0120-1 gnupg",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438751/100/0/threaded"
},
{
"name" : "20060531 GnuPG fun",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/lists/fulldisclosure/2006/May/0774.html"
},
{
"name" : "20060601 Re: GnuPG fun",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/lists/fulldisclosure/2006/May/0789.html"
},
{
"name" : "20060531 RE: GnuPG fun",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/lists/fulldisclosure/2006/May/0782.html"
},
{
"name" : "http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157",
"refsource" : "CONFIRM",
"url" : "http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm"
},
{
"name" : "DSA-1107",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1107"
},
{
"name" : "DSA-1115",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1115"
},
{
"name" : "MDKSA-2006:110",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:110"
},
{
"name" : "OpenPKG-SA-2006.010",
"refsource" : "OPENPKG",
"url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.010.html"
},
{
"name" : "RHSA-2006:0571",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0571.html"
},
{
"name" : "20060701-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U"
},
{
"name" : "SSA:2006-178-02",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.457382"
},
{
"name" : "SUSE-SR:2006:015",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_38_security.html"
},
{
"name" : "SUSE-SR:2006:018",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_18_sr.html"
},
{
"name" : "USN-304-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/304-1/"
},
{
"name" : "18554",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18554"
},
{
"name" : "oval:org.mitre.oval:def:10089",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10089"
},
{
"name" : "ADV-2006-2450",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2450"
},
{
"name" : "1016519",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016519"
},
{
"name" : "20783",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20783"
},
{
"name" : "20829",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20829"
},
{
"name" : "20801",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20801"
},
{
"name" : "20811",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20811"
},
{
"name" : "20881",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20881"
},
{
"name" : "20899",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20899"
},
{
"name" : "20968",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20968"
},
{
"name" : "21063",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21063"
},
{
"name" : "21143",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21143"
},
{
"name" : "21137",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21137"
},
{
"name" : "21135",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21135"
},
{
"name" : "21585",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21585"
},
{
"name" : "gnupg-parsepacket-bo(27245)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27245"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20899"
},
{
"name": "oval:org.mitre.oval:def:10089",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10089"
},
{
"name": "20968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20968"
},
{
"name": "20881",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20881"
},
{
"name": "http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157",
"refsource": "CONFIRM",
"url": "http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/parse-packet.c?rev=4157&r1=4141&r2=4157"
},
{
"name": "20060629 rPSA-2006-0120-1 gnupg",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438751/100/0/threaded"
},
{
"name": "20783",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20783"
},
{
"name": "DSA-1107",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1107"
},
{
"name": "20811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20811"
},
{
"name": "SUSE-SR:2006:018",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_18_sr.html"
},
{
"name": "20060531 RE: GnuPG fun",
"refsource": "FULLDISC",
"url": "http://seclists.org/lists/fulldisclosure/2006/May/0782.html"
},
{
"name": "21063",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21063"
},
{
"name": "21135",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21135"
},
{
"name": "20829",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20829"
},
{
"name": "ADV-2006-2450",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2450"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-167.htm"
},
{
"name": "20060601 Re: GnuPG fun",
"refsource": "FULLDISC",
"url": "http://seclists.org/lists/fulldisclosure/2006/May/0789.html"
},
{
"name": "20801",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20801"
},
{
"name": "20060531 GnuPG fun",
"refsource": "FULLDISC",
"url": "http://seclists.org/lists/fulldisclosure/2006/May/0774.html"
},
{
"name": "18554",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18554"
},
{
"name": "USN-304-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/304-1/"
},
{
"name": "SUSE-SR:2006:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_38_security.html"
},
{
"name": "RHSA-2006:0571",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0571.html"
},
{
"name": "MDKSA-2006:110",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:110"
},
{
"name": "DSA-1115",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1115"
},
{
"name": "OpenPKG-SA-2006.010",
"refsource": "OPENPKG",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.010.html"
},
{
"name": "20060701-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U"
},
{
"name": "21137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21137"
},
{
"name": "21143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21143"
},
{
"name": "21585",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21585"
},
{
"name": "1016519",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016519"
},
{
"name": "SSA:2006-178-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.457382"
},
{
"name": "gnupg-parsepacket-bo(27245)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27245"
}
]
}
}

170
2006/3xxx/CVE-2006-3171.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3171",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.acid-root.new.fr/advisories/csforum081.txt",
"refsource" : "MISC",
"url" : "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"name" : "http://www.comscripts.com/scripts/php.cs-forum.643.html",
"refsource" : "CONFIRM",
"url" : "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name" : "ADV-2006-2314",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name" : "26384",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26384"
},
{
"name" : "20534",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20534"
},
{
"name" : "csforum-ajouter-header-injection(27177)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27177"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26384",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26384"
},
{
"name": "http://www.comscripts.com/scripts/php.cs-forum.643.html",
"refsource": "CONFIRM",
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name": "20534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20534"
},
{
"name": "csforum-ajouter-header-injection(27177)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27177"
},
{
"name": "ADV-2006-2314",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name": "http://www.acid-root.new.fr/advisories/csforum081.txt",
"refsource": "MISC",
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
}
]
}
}

160
2006/3xxx/CVE-2006-3339.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3339",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecified manipulations of the projectId parameter, which displays the installation path and other system information in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/06/atlassian-jira-information-disclosure.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/atlassian-jira-information-disclosure.html"
},
{
"name" : "http://jira.atlassian.com/browse/JRA-10542",
"refsource" : "CONFIRM",
"url" : "http://jira.atlassian.com/browse/JRA-10542"
},
{
"name" : "ADV-2006-2472",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2472"
},
{
"name" : "26745",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26745"
},
{
"name" : "jira-projectid-info-disclosure(27235)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27235"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecified manipulations of the projectId parameter, which displays the installation path and other system information in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2472",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2472"
},
{
"name": "http://pridels0.blogspot.com/2006/06/atlassian-jira-information-disclosure.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/atlassian-jira-information-disclosure.html"
},
{
"name": "jira-projectid-info-disclosure(27235)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27235"
},
{
"name": "26745",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26745"
},
{
"name": "http://jira.atlassian.com/browse/JRA-10542",
"refsource": "CONFIRM",
"url": "http://jira.atlassian.com/browse/JRA-10542"
}
]
}
}

210
2006/3xxx/CVE-2006-3668.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3668",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-assisted attackers to execute arbitrary code via a \".it\" (Impulse Tracker) file with an envelope with a large number of nodes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://aluigi.altervista.org/adv/dumbit-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/dumbit-adv.txt"
},
{
"name" : "DSA-1123",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1123"
},
{
"name" : "GLSA-200608-14",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-14.xml"
},
{
"name" : "19025",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19025"
},
{
"name" : "ADV-2006-2835",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2835"
},
{
"name" : "21092",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21092"
},
{
"name" : "21184",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21184"
},
{
"name" : "21416",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21416"
},
{
"name" : "1240",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1240"
},
{
"name" : "dumb-itreadenvelope-bo(27789)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27789"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-assisted attackers to execute arbitrary code via a \".it\" (Impulse Tracker) file with an envelope with a large number of nodes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1123",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1123"
},
{
"name": "21092",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21092"
},
{
"name": "1240",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1240"
},
{
"name": "GLSA-200608-14",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200608-14.xml"
},
{
"name": "21184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21184"
},
{
"name": "http://aluigi.altervista.org/adv/dumbit-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/dumbit-adv.txt"
},
{
"name": "19025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19025"
},
{
"name": "21416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21416"
},
{
"name": "ADV-2006-2835",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2835"
},
{
"name": "dumb-itreadenvelope-bo(27789)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27789"
}
]
}
}

160
2006/4xxx/CVE-2006-4121.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4121",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2155",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2155"
},
{
"name" : "19443",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19443"
},
{
"name" : "ADV-2006-3233",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3233"
},
{
"name" : "21460",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21460"
},
{
"name" : "seecommerce-owimg-file-include(28302)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28302"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3233",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3233"
},
{
"name": "21460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21460"
},
{
"name": "seecommerce-owimg-file-include(28302)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28302"
},
{
"name": "2155",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2155"
},
{
"name": "19443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19443"
}
]
}
}

210
2006/4xxx/CVE-2006-4304.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4304",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "FreeBSD-SA-06:08",
"refsource" : "FREEBSD",
"url" : "http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc"
},
{
"name" : "http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch",
"refsource" : "MISC",
"url" : "http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch"
},
{
"name" : "NetBSD-SA2006-019",
"refsource" : "NETBSD",
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-019.txt.asc"
},
{
"name" : "[3.9] 20060902 009: SECURITY FIX: September 2, 2006",
"refsource" : "OPENBSD",
"url" : "http://www.openbsd.org/errata.html#sppp"
},
{
"name" : "[3.8] 20060902 014: SECURITY FIX: September 2, 2006",
"refsource" : "OPENBSD",
"url" : "http://www.openbsd.org/errata38.html#sppp"
},
{
"name" : "19684",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19684"
},
{
"name" : "1016745",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016745"
},
{
"name" : "21587",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21587"
},
{
"name" : "21731",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21731"
},
{
"name" : "sppp4-lcp-bo(28562)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28562"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch",
"refsource": "MISC",
"url": "http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch"
},
{
"name": "19684",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19684"
},
{
"name": "sppp4-lcp-bo(28562)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28562"
},
{
"name": "FreeBSD-SA-06:08",
"refsource": "FREEBSD",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc"
},
{
"name": "[3.8] 20060902 014: SECURITY FIX: September 2, 2006",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata38.html#sppp"
},
{
"name": "21731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21731"
},
{
"name": "NetBSD-SA2006-019",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-019.txt.asc"
},
{
"name": "1016745",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016745"
},
{
"name": "[3.9] 20060902 009: SECURITY FIX: September 2, 2006",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata.html#sppp"
},
{
"name": "21587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21587"
}
]
}
}

160
2006/4xxx/CVE-2006-4454.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4454",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060829 XSS in HLStats 1.34",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0741.html"
},
{
"name" : "19745",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19745"
},
{
"name" : "28238",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28238"
},
{
"name" : "21635",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21635"
},
{
"name" : "hlstats-hlstats-xss(28619)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28619"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21635"
},
{
"name": "hlstats-hlstats-xss(28619)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28619"
},
{
"name": "28238",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28238"
},
{
"name": "20060829 XSS in HLStats 1.34",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0741.html"
},
{
"name": "19745",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19745"
}
]
}
}

130
2006/4xxx/CVE-2006-4861.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4861",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panjwani Complain Center 1 allows remote attackers to execute arbitrary SQL commands via the (1) TxtUser (aka Username) and (2) TxtPass (aka Password) parameters in login.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060914 Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446078/100/0/threaded"
},
{
"name" : "1601",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1601"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panjwani Complain Center 1 allows remote attackers to execute arbitrary SQL commands via the (1) TxtUser (aka Username) and (2) TxtPass (aka Password) parameters in login.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1601",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1601"
},
{
"name": "20060914 Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446078/100/0/threaded"
}
]
}
}

140
2010/2xxx/CVE-2010-2142.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2142",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in default.asp in Cyberhost allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1005-exploits/cyberhost-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1005-exploits/cyberhost-sql.txt"
},
{
"name" : "40357",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40357"
},
{
"name" : "cyberhost-default-sql-injection(58889)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58889"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in default.asp in Cyberhost allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cyberhost-default-sql-injection(58889)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58889"
},
{
"name": "http://packetstormsecurity.org/1005-exploits/cyberhost-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1005-exploits/cyberhost-sql.txt"
},
{
"name": "40357",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40357"
}
]
}
}

320
2010/2xxx/CVE-2010-2240.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2240",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517739/100/0/threaded"
},
{
"name" : "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"
},
{
"name" : "http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf",
"refsource" : "MISC",
"url" : "http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=320b2b8de12698082609ebbc1a17165727f4c893",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=320b2b8de12698082609ebbc1a17165727f4c893"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.52",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.52"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.19",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.19"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.4",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.4"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=606611",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=606611"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0007.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0009.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
},
{
"name" : "DSA-2094",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2094"
},
{
"name" : "MDVSA-2010:172",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:172"
},
{
"name" : "MDVSA-2010:198",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
},
{
"name" : "MDVSA-2011:051",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051"
},
{
"name" : "RHSA-2010:0661",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0661.html"
},
{
"name" : "RHSA-2010:0660",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0660.html"
},
{
"name" : "RHSA-2010:0670",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0670.html"
},
{
"name" : "RHSA-2010:0882",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0882.html"
},
{
"name" : "oval:org.mitre.oval:def:13247",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13247"
},
{
"name" : "1024344",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024344"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.52",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.52"
},
{
"name": "MDVSA-2010:198",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
},
{
"name": "RHSA-2010:0670",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0670.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.4"
},
{
"name": "oval:org.mitre.oval:def:13247",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13247"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=320b2b8de12698082609ebbc1a17165727f4c893",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=320b2b8de12698082609ebbc1a17165727f4c893"
},
{
"name": "RHSA-2010:0660",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0660.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=606611",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=606611"
},
{
"name": "RHSA-2010:0661",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0661.html"
},
{
"name": "RHSA-2010:0882",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html"
},
{
"name": "MDVSA-2011:051",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
},
{
"name": "DSA-2094",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2094"
},
{
"name": "http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf",
"refsource": "MISC",
"url": "http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf"
},
{
"name": "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.19",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.19"
},
{
"name": "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded"
},
{
"name": "MDVSA-2010:172",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:172"
},
{
"name": "1024344",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024344"
}
]
}
}

150
2010/2xxx/CVE-2010-2425.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2425",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via \"..//\" sequences in a COMB command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100617 TitanFTP Server COMB directory traversal",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511873/100/0/threaded"
},
{
"name" : "40949",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40949"
},
{
"name" : "65622",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/65622"
},
{
"name" : "40237",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40237"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via \"..//\" sequences in a COMB command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40237"
},
{
"name": "40949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40949"
},
{
"name": "20100617 TitanFTP Server COMB directory traversal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511873/100/0/threaded"
},
{
"name": "65622",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/65622"
}
]
}
}

130
2010/2xxx/CVE-2010-2723.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2723",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows remote attackers to inject arbitrary web script or HTML via the T parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41503",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41503"
},
{
"name" : "40529",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40529"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows remote attackers to inject arbitrary web script or HTML via the T parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41503"
},
{
"name": "40529",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40529"
}
]
}
}

390
2010/3xxx/CVE-2010-3067.json
View File

@ -1,197 +1,197 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3067",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=75e1c70fc31490ef8a373ea2a4bea2524099b478",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=75e1c70fc31490ef8a373ea2a4bea2524099b478"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc4-next-20100915.bz2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc4-next-20100915.bz2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=629441",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=629441"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name" : "DSA-2126",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2126"
},
{
"name" : "MDVSA-2010:257",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:257"
},
{
"name" : "MDVSA-2011:029",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029"
},
{
"name" : "MDVSA-2011:051",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051"
},
{
"name" : "RHSA-2010:0758",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0758.html"
},
{
"name" : "RHSA-2010:0779",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0779.html"
},
{
"name" : "RHSA-2010:0839",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0839.html"
},
{
"name" : "RHSA-2011:0007",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
},
{
"name" : "SUSE-SA:2011:001",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"
},
{
"name" : "SUSE-SA:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html"
},
{
"name" : "SUSE-SA:2010:060",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"
},
{
"name" : "SUSE-SA:2011:007",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"name" : "SUSE-SA:2011:008",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"
},
{
"name" : "USN-1000-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1000-1"
},
{
"name" : "42778",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42778"
},
{
"name" : "42801",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42801"
},
{
"name" : "42890",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42890"
},
{
"name" : "43291",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43291"
},
{
"name" : "46397",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46397"
},
{
"name" : "ADV-2011-0012",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0012"
},
{
"name" : "ADV-2011-0298",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0298"
},
{
"name" : "ADV-2011-0375",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0375"
},
{
"name" : "kernel-doiosubmit-dos(61884)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61884"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42778"
},
{
"name": "USN-1000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1000-1"
},
{
"name": "42801",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42801"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46397"
},
{
"name": "SUSE-SA:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc4-next-20100915.bz2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc4-next-20100915.bz2"
},
{
"name": "SUSE-SA:2011:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"
},
{
"name": "RHSA-2011:0007",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=629441",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=629441"
},
{
"name": "SUSE-SA:2011:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"name": "SUSE-SA:2010:060",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"
},
{
"name": "ADV-2011-0298",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0298"
},
{
"name": "MDVSA-2011:051",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051"
},
{
"name": "RHSA-2010:0839",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0839.html"
},
{
"name": "MDVSA-2010:257",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:257"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "ADV-2011-0375",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0375"
},
{
"name": "42890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42890"
},
{
"name": "ADV-2011-0012",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0012"
},
{
"name": "kernel-doiosubmit-dos(61884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61884"
},
{
"name": "SUSE-SA:2011:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"
},
{
"name": "MDVSA-2011:029",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029"
},
{
"name": "RHSA-2010:0758",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0758.html"
},
{
"name": "43291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43291"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=75e1c70fc31490ef8a373ea2a4bea2524099b478",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=75e1c70fc31490ef8a373ea2a4bea2524099b478"
},
{
"name": "RHSA-2010:0779",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0779.html"
},
{
"name": "DSA-2126",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2126"
}
]
}
}

34
2010/3xxx/CVE-2010-3723.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3723",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-3723",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}

140
2010/3xxx/CVE-2010-3845.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3845",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20101013 Re: CVE request: Apache-AuthenHook perl module",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2010/q4/63"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599712",
"refsource" : "MISC",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599712"
},
{
"name" : "https://rt.cpan.org/Public/Bug/Display.html?id=62040",
"refsource" : "CONFIRM",
"url" : "https://rt.cpan.org/Public/Bug/Display.html?id=62040"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599712",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599712"
},
{
"name": "[oss-security] 20101013 Re: CVE request: Apache-AuthenHook perl module",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2010/q4/63"
},
{
"name": "https://rt.cpan.org/Public/Bug/Display.html?id=62040",
"refsource": "CONFIRM",
"url": "https://rt.cpan.org/Public/Bug/Display.html?id=62040"
}
]
}
}

34
2010/3xxx/CVE-2010-3885.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3885",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-3227. Reason: This candidate is a duplicate of CVE-2010-3227. Notes: All CVE users should reference CVE-2010-3227 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-3885",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-3227. Reason: This candidate is a duplicate of CVE-2010-3227. Notes: All CVE users should reference CVE-2010-3227 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

150
2010/4xxx/CVE-2010-4855.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4855",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15218",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15218"
},
{
"name" : "http://packetstormsecurity.org/1010-exploits/xweblog22-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1010-exploits/xweblog22-sql.txt"
},
{
"name" : "41708",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41708"
},
{
"name" : "8414",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8414"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15218",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15218"
},
{
"name": "http://packetstormsecurity.org/1010-exploits/xweblog22-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1010-exploits/xweblog22-sql.txt"
},
{
"name": "8414",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8414"
},
{
"name": "41708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41708"
}
]
}
}

140
2010/4xxx/CVE-2010-4989.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4989",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows remote attackers to execute arbitrary SQL commands via the grp parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14192",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14192"
},
{
"name" : "ADV-2010-1688",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1688"
},
{
"name" : "ziggurat-main-sql-inection(60065)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60065"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows remote attackers to execute arbitrary SQL commands via the grp parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ziggurat-main-sql-inection(60065)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60065"
},
{
"name": "14192",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14192"
},
{
"name": "ADV-2010-1688",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1688"
}
]
}
}

170
2011/0xxx/CVE-2011-0635.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0635",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110118 Simploo CMS Community Edition - Remote PHP Code Execution Issue",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/515809/100/0/threaded"
},
{
"name" : "16016",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/16016"
},
{
"name" : "45906",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45906"
},
{
"name" : "70487",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70487"
},
{
"name" : "42953",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42953"
},
{
"name" : "simploocms-ftpserver-code-execution(64826)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64826"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16016",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/16016"
},
{
"name": "45906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45906"
},
{
"name": "70487",
"refsource": "OSVDB",
"url": "http://osvdb.org/70487"
},
{
"name": "20110118 Simploo CMS Community Edition - Remote PHP Code Execution Issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515809/100/0/threaded"
},
{
"name": "42953",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42953"
},
{
"name": "simploocms-ftpserver-code-execution(64826)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64826"
}
]
}
}

260
2011/1xxx/CVE-2011-1025.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1025",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[openldap-announce] 20110212 OpenLDAP 2.4.24 available",
"refsource" : "MLIST",
"url" : "http://www.openldap.org/lists/openldap-announce/201102/msg00000.html"
},
{
"name" : "[oss-security] 20110224 CVE Request -- OpenLDAP -- two issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/02/24/12"
},
{
"name" : "[oss-security] 20110225 Re: CVE Request -- OpenLDAP -- two issue",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/02/25/13"
},
{
"name" : "http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8",
"refsource" : "CONFIRM",
"url" : "http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8"
},
{
"name" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661",
"refsource" : "CONFIRM",
"url" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=680472",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=680472"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name" : "GLSA-201406-36",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-36.xml"
},
{
"name" : "MDVSA-2011:056",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:056"
},
{
"name" : "RHSA-2011:0347",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0347.html"
},
{
"name" : "USN-1100-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1100-1"
},
{
"name" : "1025190",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025190"
},
{
"name" : "43331",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43331"
},
{
"name" : "43718",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43718"
},
{
"name" : "ADV-2011-0665",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0665"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201406-36",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-36.xml"
},
{
"name": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661",
"refsource": "CONFIRM",
"url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661"
},
{
"name": "http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8",
"refsource": "CONFIRM",
"url": "http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=680472",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680472"
},
{
"name": "1025190",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025190"
},
{
"name": "[openldap-announce] 20110212 OpenLDAP 2.4.24 available",
"refsource": "MLIST",
"url": "http://www.openldap.org/lists/openldap-announce/201102/msg00000.html"
},
{
"name": "MDVSA-2011:056",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:056"
},
{
"name": "RHSA-2011:0347",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0347.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name": "[oss-security] 20110225 Re: CVE Request -- OpenLDAP -- two issue",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/02/25/13"
},
{
"name": "43718",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43718"
},
{
"name": "[oss-security] 20110224 CVE Request -- OpenLDAP -- two issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/02/24/12"
},
{
"name": "USN-1100-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1100-1"
},
{
"name": "ADV-2011-0665",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0665"
},
{
"name": "43331",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43331"
}
]
}
}

170
2011/1xxx/CVE-2011-1193.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1193",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to bypass the Same Origin Policy via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=70877",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=70877"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
},
{
"name" : "46785",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46785"
},
{
"name" : "oval:org.mitre.oval:def:14035",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14035"
},
{
"name" : "ADV-2011-0628",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0628"
},
{
"name" : "google-unspecified-security-bypass(65957)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65957"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to bypass the Same Origin Policy via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:14035",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14035"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=70877",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=70877"
},
{
"name": "46785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46785"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
},
{
"name": "google-unspecified-security-bypass(65957)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65957"
},
{
"name": "ADV-2011-0628",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0628"
}
]
}
}

180
2011/1xxx/CVE-2011-1815.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1815",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 12.0.742.91 allows remote attackers to inject script into a tab page via vectors related to extensions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-1815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=79862",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=79862"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html"
},
{
"name" : "48129",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48129"
},
{
"name" : "72785",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/72785"
},
{
"name" : "oval:org.mitre.oval:def:14728",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14728"
},
{
"name" : "44829",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44829"
},
{
"name" : "chrome-tab-page-xss(67898)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67898"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 12.0.742.91 allows remote attackers to inject script into a tab page via vectors related to extensions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44829",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44829"
},
{
"name": "oval:org.mitre.oval:def:14728",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14728"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=79862",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=79862"
},
{
"name": "72785",
"refsource": "OSVDB",
"url": "http://osvdb.org/72785"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html"
},
{
"name": "48129",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48129"
},
{
"name": "chrome-tab-page-xss(67898)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67898"
}
]
}
}

140
2011/1xxx/CVE-2011-1891.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1891",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka \"Contact Details Reflected XSS Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-074",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074"
},
{
"name" : "TA11-256A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
},
{
"name" : "oval:org.mitre.oval:def:12864",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12864"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka \"Contact Details Reflected XSS Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12864",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12864"
},
{
"name": "MS11-074",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074"
},
{
"name": "TA11-256A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
}
]
}
}

150
2011/5xxx/CVE-2011-5080.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5080",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource" : "MISC",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name" : "http://forge.typo3.org/projects/extension-jftcaforms/repository/diff?rev=51637&rev_to=51568",
"refsource" : "CONFIRM",
"url" : "http://forge.typo3.org/projects/extension-jftcaforms/repository/diff?rev=51637&rev_to=51568"
},
{
"name" : "51854",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51854"
},
{
"name" : "78800",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78800"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "http://forge.typo3.org/projects/extension-jftcaforms/repository/diff?rev=51637&rev_to=51568",
"refsource": "CONFIRM",
"url": "http://forge.typo3.org/projects/extension-jftcaforms/repository/diff?rev=51637&rev_to=51568"
},
{
"name": "51854",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51854"
},
{
"name": "78800",
"refsource": "OSVDB",
"url": "http://osvdb.org/78800"
}
]
}
}

130
2014/3xxx/CVE-2014-3018.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3018",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to cause a denial of service (reboot) via a flood of IP packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096774",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096774"
},
{
"name" : "ibm-bladecenter-cve20143018-dos(93052)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93052"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to cause a denial of service (reboot) via a flood of IP packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096774",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096774"
},
{
"name": "ibm-bladecenter-cve20143018-dos(93052)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93052"
}
]
}
}

160
2014/3xxx/CVE-2014-3071.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677719",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677719"
},
{
"name" : "JR50453",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50453"
},
{
"name" : "68781",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68781"
},
{
"name" : "59267",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59267"
},
{
"name" : "ibm-infosphere-cve20143071-xss(93786)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93786"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68781",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68781"
},
{
"name": "ibm-infosphere-cve20143071-xss(93786)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93786"
},
{
"name": "JR50453",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50453"
},
{
"name": "59267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59267"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677719",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677719"
}
]
}
}

160
2014/3xxx/CVE-2014-3283.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3283",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34383",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34383"
},
{
"name" : "20140527 Cisco Unified Communications Domain Manager Self-Care HTTP Redirect Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3283"
},
{
"name" : "67665",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67665"
},
{
"name" : "1030306",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030306"
},
{
"name" : "58400",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58400"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34383",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34383"
},
{
"name": "1030306",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030306"
},
{
"name": "67665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67665"
},
{
"name": "20140527 Cisco Unified Communications Domain Manager Self-Care HTTP Redirect Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3283"
},
{
"name": "58400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58400"
}
]
}
}

120
2014/3xxx/CVE-2014-3410.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3410",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing the network for a syslog message or (2) reading a syslog message in a file on a syslog server, aka Bug IDs CSCuq22357 and CSCur41860."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141219 Cisco ASA Information Leak in Syslog Messages Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3410"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing the network for a syslog message or (2) reading a syslog message in a file on a syslog server, aka Bug IDs CSCuq22357 and CSCur41860."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141219 Cisco ASA Information Leak in Syslog Messages Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3410"
}
]
}
}

120
2014/6xxx/CVE-2014-6356.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6356",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Invalid Index Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-6356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-081",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-081"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Invalid Index Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-081",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-081"
}
]
}
}

140
2014/6xxx/CVE-2014-6818.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6818",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OHBM 20th Annual Meeting (aka com.coreapps.android.followme.ohbm2014) application 6.0.9.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#536913",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/536913"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OHBM 20th Annual Meeting (aka com.coreapps.android.followme.ohbm2014) application 6.0.9.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#536913",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/536913"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6853.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6853",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Foxit MobilePDF - PDF Reader (aka com.foxit.mobile.pdf.lite) application 2.2.0.0616 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#715905",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/715905"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Foxit MobilePDF - PDF Reader (aka com.foxit.mobile.pdf.lite) application 2.2.0.0616 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#715905",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/715905"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7697.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7697",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Eyvah! Bosandim ozgurum (aka com.wEyvahBosandimBlog) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#203305",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/203305"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Eyvah! Bosandim ozgurum (aka com.wEyvahBosandimBlog) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#203305",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/203305"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

130
2014/7xxx/CVE-2014-7917.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7917",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-7917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://events.linuxfoundation.org/sites/events/files/slides/ABS2015.pdf",
"refsource" : "MISC",
"url" : "http://events.linuxfoundation.org/sites/events/files/slides/ABS2015.pdf"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/edd4a76eb4747bd19ed122df46fa46b452c12a0d",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/edd4a76eb4747bd19ed122df46fa46b452c12a0d"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://events.linuxfoundation.org/sites/events/files/slides/ABS2015.pdf",
"refsource": "MISC",
"url": "http://events.linuxfoundation.org/sites/events/files/slides/ABS2015.pdf"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/edd4a76eb4747bd19ed122df46fa46b452c12a0d",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/edd4a76eb4747bd19ed122df46fa46b452c12a0d"
}
]
}
}

270
2014/7xxx/CVE-2014-7970.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7970",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-fsdevel] 20141008 [PATCH] mnt: Prevent pivot_root from creating a loop in the mount tree",
"refsource" : "MLIST",
"url" : "http://www.spinics.net/lists/linux-fsdevel/msg79153.html"
},
{
"name" : "[oss-security] 20141008 CVE-2014-7970: Linux VFS denial of service",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/10/08/21"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151095",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151095"
},
{
"name" : "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0826019e529f21c84687521d03f60cd241ca7d",
"refsource" : "CONFIRM",
"url" : "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0826019e529f21c84687521d03f60cd241ca7d"
},
{
"name" : "RHSA-2017:1842",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1842"
},
{
"name" : "RHSA-2017:2077",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name" : "SUSE-SU-2015:0736",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
},
{
"name" : "USN-2419-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2419-1"
},
{
"name" : "USN-2420-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2420-1"
},
{
"name" : "USN-2513-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2513-1"
},
{
"name" : "USN-2514-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2514-1"
},
{
"name" : "70319",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70319"
},
{
"name" : "1030991",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030991"
},
{
"name" : "61142",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61142"
},
{
"name" : "60174",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60174"
},
{
"name" : "linux-kernel-cve20147970-dos(96921)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96921"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2015:0736",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
},
{
"name": "70319",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70319"
},
{
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0826019e529f21c84687521d03f60cd241ca7d",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0826019e529f21c84687521d03f60cd241ca7d"
},
{
"name": "USN-2419-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2419-1"
},
{
"name": "USN-2514-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2514-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1151095",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151095"
},
{
"name": "60174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60174"
},
{
"name": "[oss-security] 20141008 CVE-2014-7970: Linux VFS denial of service",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/08/21"
},
{
"name": "USN-2420-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2420-1"
},
{
"name": "RHSA-2017:2077",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name": "[linux-fsdevel] 20141008 [PATCH] mnt: Prevent pivot_root from creating a loop in the mount tree",
"refsource": "MLIST",
"url": "http://www.spinics.net/lists/linux-fsdevel/msg79153.html"
},
{
"name": "RHSA-2017:1842",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
},
{
"name": "linux-kernel-cve20147970-dos(96921)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96921"
},
{
"name": "USN-2513-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2513-1"
},
{
"name": "61142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61142"
},
{
"name": "1030991",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030991"
}
]
}
}

230
2014/8xxx/CVE-2014-8092.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8092",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/",
"refsource" : "CONFIRM",
"url" : "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0532.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0532.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name" : "DSA-3095",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3095"
},
{
"name" : "GLSA-201504-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-06"
},
{
"name" : "MDVSA-2015:119",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"
},
{
"name" : "71595",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71595"
},
{
"name" : "62292",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62292"
},
{
"name" : "61947",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61947"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3095",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3095"
},
{
"name": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/",
"refsource": "CONFIRM",
"url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
},
{
"name": "71595",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71595"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0532.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0532.html"
},
{
"name": "GLSA-201504-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-06"
},
{
"name": "62292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62292"
},
{
"name": "MDVSA-2015:119",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "61947",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61947"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}

250
2014/8xxx/CVE-2014-8767.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8767",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141118 CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534011/100/0/threaded"
},
{
"name" : "20141118 CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Nov/47"
},
{
"name" : "http://packetstormsecurity.com/files/129155/tcpdump-4.6.2-OSLR-Denial-Of-Service.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129155/tcpdump-4.6.2-OSLR-Denial-Of-Service.html"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0503.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0503.html"
},
{
"name" : "https://support.apple.com/kb/HT205031",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205031"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name" : "APPLE-SA-2015-08-13-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name" : "DSA-3086",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3086"
},
{
"name" : "MDVSA-2014:240",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:240"
},
{
"name" : "MDVSA-2015:125",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125"
},
{
"name" : "openSUSE-SU-2015:0284",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html"
},
{
"name" : "USN-2433-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2433-1"
},
{
"name" : "71150",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71150"
},
{
"name" : "tcpdump-cve20148767-dos(98765)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98765"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2014:240",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:240"
},
{
"name": "MDVSA-2015:125",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125"
},
{
"name": "http://packetstormsecurity.com/files/129155/tcpdump-4.6.2-OSLR-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129155/tcpdump-4.6.2-OSLR-Denial-Of-Service.html"
},
{
"name": "openSUSE-SU-2015:0284",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html"
},
{
"name": "tcpdump-cve20148767-dos(98765)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98765"
},
{
"name": "20141118 CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534011/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "20141118 CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/47"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "USN-2433-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2433-1"
},
{
"name": "DSA-3086",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3086"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0503.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0503.html"
},
{
"name": "71150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71150"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
}
]
}
}

160
2014/8xxx/CVE-2014-8799.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8799",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "35346",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35346"
},
{
"name" : "http://security.szurek.pl/dukapress-252-path-traversal.html",
"refsource" : "MISC",
"url" : "http://security.szurek.pl/dukapress-252-path-traversal.html"
},
{
"name" : "https://plugins.trac.wordpress.org/changeset/1024640/dukapress",
"refsource" : "CONFIRM",
"url" : "https://plugins.trac.wordpress.org/changeset/1024640/dukapress"
},
{
"name" : "https://wordpress.org/plugins/dukapress/changelog/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/dukapress/changelog/"
},
{
"name" : "dukapress-cve20148799-dir-traversal(98943)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98943"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/dukapress/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/dukapress/changelog/"
},
{
"name": "http://security.szurek.pl/dukapress-252-path-traversal.html",
"refsource": "MISC",
"url": "http://security.szurek.pl/dukapress-252-path-traversal.html"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/1024640/dukapress",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/1024640/dukapress"
},
{
"name": "35346",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35346"
},
{
"name": "dukapress-cve20148799-dir-traversal(98943)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98943"
}
]
}
}

34
2014/8xxx/CVE-2014-8859.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8859",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8859",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

140
2014/9xxx/CVE-2014-9828.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9828",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=460547be494cc8c039b99b65e64a1fa2eb08ab5c",
"refsource" : "CONFIRM",
"url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=460547be494cc8c039b99b65e64a1fa2eb08ab5c"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343484",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343484"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=460547be494cc8c039b99b65e64a1fa2eb08ab5c",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=460547be494cc8c039b99b65e64a1fa2eb08ab5c"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343484",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343484"
}
]
}
}

122
2016/2xxx/CVE-2016-2169.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2016-03-23T00:00:00",
"ID" : "CVE-2016-2169",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cloud Controller",
"version" : {
"version_data" : [
{
"version_value" : "capi-release prior to 1.0.0, cf-release prior to v237"
}
]
}
}
]
},
"vendor_name" : "Cloud Foundry"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Business logic"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2016-03-23T00:00:00",
"ID": "CVE-2016-2169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Controller",
"version": {
"version_data": [
{
"version_value": "capi-release prior to 1.0.0, cf-release prior to v237"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/cloudfoundry/cloud_controller_ng/issues/568",
"refsource" : "CONFIRM",
"url" : "https://github.com/cloudfoundry/cloud_controller_ng/issues/568"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Business logic"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cloudfoundry/cloud_controller_ng/issues/568",
"refsource": "CONFIRM",
"url": "https://github.com/cloudfoundry/cloud_controller_ng/issues/568"
}
]
}
}

120
2016/2xxx/CVE-2016-2471.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2471",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27773913."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-2471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-06-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-06-01.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27773913."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-06-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-06-01.html"
}
]
}
}

34
2016/2xxx/CVE-2016-2644.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2644",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2644",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/2xxx/CVE-2016-2898.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2898",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2898",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

208
2016/2xxx/CVE-2016-2992.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-2992",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BigInsights",
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.0.1"
},
{
"version_value" : "3.0.0.2"
},
{
"version_value" : "1.1.0"
},
{
"version_value" : "1.2.0"
},
{
"version_value" : "1.3.0"
},
{
"version_value" : "1.4.0"
},
{
"version_value" : "2.0.0"
},
{
"version_value" : "2.1.0"
},
{
"version_value" : "2.1.1"
},
{
"version_value" : "2.1.2"
},
{
"version_value" : "4.0.0"
},
{
"version_value" : "4.1.0"
},
{
"version_value" : "4.2.0"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Infosphere BigInsights is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BigInsights",
"version": {
"version_data": [
{
"version_value": "3.0"
},
{
"version_value": "3.0.0.1"
},
{
"version_value": "3.0.0.2"
},
{
"version_value": "1.1.0"
},
{
"version_value": "1.2.0"
},
{
"version_value": "1.3.0"
},
{
"version_value": "1.4.0"
},
{
"version_value": "2.0.0"
},
{
"version_value": "2.1.0"
},
{
"version_value": "2.1.1"
},
{
"version_value": "2.1.2"
},
{
"version_value": "4.0.0"
},
{
"version_value": "4.1.0"
},
{
"version_value": "4.2.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21987499",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21987499"
},
{
"name" : "95979",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95979"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Infosphere BigInsights is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95979",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95979"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21987499",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21987499"
}
]
}
}

140
2016/6xxx/CVE-2016-6610.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6610",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.phpmyadmin.net/security/PMASA-2016-33",
"refsource" : "CONFIRM",
"url" : "https://www.phpmyadmin.net/security/PMASA-2016-33"
},
{
"name" : "GLSA-201701-32",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-32"
},
{
"name" : "94118",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94118"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.phpmyadmin.net/security/PMASA-2016-33",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-33"
},
{
"name": "94118",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94118"
},
{
"name": "GLSA-201701-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-32"
}
]
}
}

140
2016/6xxx/CVE-2016-6886.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6886",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html",
"refsource" : "MISC",
"url" : "https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html"
},
{
"name" : "http://www.matrixssl.org/blog/releases/matrixssl_3_8_4",
"refsource" : "CONFIRM",
"url" : "http://www.matrixssl.org/blog/releases/matrixssl_3_8_4"
},
{
"name" : "92604",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92604"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.matrixssl.org/blog/releases/matrixssl_3_8_4",
"refsource": "CONFIRM",
"url": "http://www.matrixssl.org/blog/releases/matrixssl_3_8_4"
},
{
"name": "https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html",
"refsource": "MISC",
"url": "https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html"
},
{
"name": "92604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92604"
}
]
}
}

34
2017/18xxx/CVE-2017-18351.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18351",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18351",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2017/5xxx/CVE-2017-5005.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5005",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O file that is mishandled during a Security Scan (aka Custom Scan) operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/payatu/QuickHeal",
"refsource" : "MISC",
"url" : "https://github.com/payatu/QuickHeal"
},
{
"name" : "https://www.youtube.com/watch?v=h9LOsv4XE00",
"refsource" : "MISC",
"url" : "https://www.youtube.com/watch?v=h9LOsv4XE00"
},
{
"name" : "95194",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95194"
},
{
"name" : "1037547",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037547"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O file that is mishandled during a Security Scan (aka Custom Scan) operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95194"
},
{
"name": "1037547",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037547"
},
{
"name": "https://www.youtube.com/watch?v=h9LOsv4XE00",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=h9LOsv4XE00"
},
{
"name": "https://github.com/payatu/QuickHeal",
"refsource": "MISC",
"url": "https://github.com/payatu/QuickHeal"
}
]
}
}

130
2017/5xxx/CVE-2017-5163.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-5163",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Belden Hirschmann GECKO 2.0.00 and prior",
"version" : {
"version_data" : [
{
"version_value" : "Belden Hirschmann GECKO 2.0.00 and prior"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Belden Hirschmann GECKO path traversal"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-5163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Belden Hirschmann GECKO 2.0.00 and prior",
"version": {
"version_data": [
{
"version_value": "Belden Hirschmann GECKO 2.0.00 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02"
},
{
"name" : "95815",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95815"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Belden Hirschmann GECKO path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95815"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02"
}
]
}
}