admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:30:22 +00:00
parent 0a16891967
commit 0dc6f8f892
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 5560 additions and 5560 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

710
2006/2xxx/CVE-2006-2783.json
View File

@ -1,357 +1,357 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2783", "ID": "CVE-2006-2783",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060602 rPSA-2006-0091-1 firefox thunderbird", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/435795/100/0/threaded" "lang": "eng",
}, "value": "Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT."
{ }
"name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-42.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-42.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT3613", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT3613" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2008-07-11", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2009-06-08-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" "name": "20709",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20709"
"name" : "DSA-1118", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1118" "name": "21176",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21176"
"name" : "DSA-1120", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1120" "name": "MDKSA-2006:145",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
"name" : "DSA-1134", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1134" "name": "ADV-2006-3748",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3748"
"name" : "GLSA-200606-12", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml" "name": "USN-297-3",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/297-3/"
"name" : "GLSA-200606-21", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml" "name": "USN-296-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/296-1/"
"name" : "HPSBUX02153", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" "name": "USN-323-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/323-1/"
"name" : "SSRT061181", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" "name": "20561",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20561"
"name" : "HPSBUX02156", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" "name": "APPLE-SA-2009-06-08-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
"name" : "SSRT061236", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" "name": "21210",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21210"
"name" : "MDKSA-2006:143", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" "name": "RHSA-2006:0594",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
"name" : "MDKSA-2006:145", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" "name": "21336",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21336"
"name" : "MDKSA-2006:146", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146" "name": "20382",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20382"
"name" : "RHSA-2006:0578", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0578.html" "name": "1016214",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016214"
"name" : "RHSA-2006:0610", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0610.html" "name": "20060602 rPSA-2006-0091-1 firefox thunderbird",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded"
"name" : "RHSA-2006:0611", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0611.html" "name": "ADV-2006-3749",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3749"
"name" : "RHSA-2006:0609", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0609.html" "name": "ADV-2009-1522",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1522"
"name" : "RHSA-2006:0594", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0594.html" "name": "RHSA-2006:0610",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
"name" : "SUSE-SA:2006:035", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html" "name": "20376",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20376"
"name" : "USN-296-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/296-1/" "name": "MDKSA-2006:146",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146"
"name" : "USN-297-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/297-1/" "name": "RHSA-2006:0609",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
"name" : "USN-296-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/296-2/" "name": "21178",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21178"
"name" : "USN-297-3", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/297-3/" "name": "1016202",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016202"
"name" : "USN-323-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/323-1/" "name": "21607",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21607"
"name" : "18228", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18228" "name": "18228",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/18228"
"name" : "oval:org.mitre.oval:def:10772", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10772" "name": "21532",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21532"
"name" : "35379", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35379" "name": "21270",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21270"
"name" : "ADV-2006-2106", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2106" "name": "ADV-2008-0083",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0083"
"name" : "ADV-2006-3748", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3748" "name": "21188",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21188"
"name" : "ADV-2006-3749", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3749" "name": "21134",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21134"
"name" : "ADV-2008-0083", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0083" "name": "21631",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21631"
"name" : "ADV-2008-2094", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2094/references" "name": "SSRT061181",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
"name" : "1016202", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016202" "name": "SSRT061236",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
"name" : "1016214", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016214" "name": "35379",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35379"
"name" : "20376", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20376" "name": "USN-296-2",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/296-2/"
"name" : "20382", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20382" "name": "GLSA-200606-21",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml"
"name" : "20561", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20561" "name": "DSA-1118",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1118"
"name" : "20709", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20709" "name": "HPSBUX02153",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
"name" : "21134", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21134" "name": "DSA-1120",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1120"
"name" : "21183", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21183" "name": "RHSA-2006:0611",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
"name" : "21176", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21176" "name": "mozilla-bom-utf8-xss(26852)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26852"
"name" : "21178", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21178" "name": "APPLE-SA-2008-07-11",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
"name" : "21188", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21188" "name": "HPSBUX02156",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
"name" : "21210", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21210" "name": "DSA-1134",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1134"
"name" : "21269", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21269" "name": "GLSA-200606-12",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml"
"name" : "21270", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21270" "name": "oval:org.mitre.oval:def:10772",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10772"
"name" : "21336", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21336" "name": "21324",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21324"
"name" : "21324", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21324" "name": "21183",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21183"
"name" : "21532", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21532" "name": "ADV-2008-2094",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2094/references"
"name" : "21607", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21607" "name": "22066",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22066"
"name" : "21631", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21631" "name": "21269",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21269"
"name" : "22065", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22065" "name": "SUSE-SA:2006:035",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html"
"name" : "22066", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22066" "name": "http://support.apple.com/kb/HT3613",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT3613"
"name" : "31074", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31074" "name": "USN-297-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/297-1/"
"name" : "ADV-2009-1522", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1522" "name": "RHSA-2006:0578",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0578.html"
"name" : "mozilla-bom-utf8-xss(26852)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26852" "name": "ADV-2006-2106",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/2106"
} },
} {
"name": "MDKSA-2006:143",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
},
{
"name": "http://www.mozilla.org/security/announce/2006/mfsa2006-42.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-42.html"
},
{
"name": "22065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22065"
},
{
"name": "31074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31074"
}
]
}
}

1530
2006/2xxx/CVE-2006-2937.json
View File

File diff suppressed because it is too large Load Diff

34
2006/2xxx/CVE-2006-2939.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2006-2939", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2006-2939",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
} }
] ]
} }
} }

130
2006/3xxx/CVE-2006-3302.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3302", "ID": "CVE-2006-3302",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosC_a_path parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ADV-2006-2528", "description_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2528" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosC_a_path parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information."
{ }
"name" : "cbsms-multiple-scripts-file-include(27374)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27374" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cbsms-multiple-scripts-file-include(27374)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27374"
},
{
"name": "ADV-2006-2528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2528"
}
]
}
}

220
2006/3xxx/CVE-2006-3439.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2006-3439", "ID": "CVE-2006-3439",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.dhs.gov/dhspublic/display?content=5789", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.dhs.gov/dhspublic/display?content=5789" "lang": "eng",
}, "value": "Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314."
{ }
"name" : "20060814 Mitigating Exploitation of the MS06-040 Service Buffer Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS06-040", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA06-220A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" ]
}, },
{ "references": {
"name" : "VU#650769", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/650769" "name": "http://www.dhs.gov/dhspublic/display?content=5789",
}, "refsource": "MISC",
{ "url": "http://www.dhs.gov/dhspublic/display?content=5789"
"name" : "19409", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19409" "name": "20060814 Mitigating Exploitation of the MS06-040 Service Buffer Vulnerability",
}, "refsource": "CISCO",
{ "url": "http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html"
"name" : "ADV-2006-3210", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3210" "name": "MS06-040",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040"
"name" : "oval:org.mitre.oval:def:492", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492" "name": "VU#650769",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/650769"
"name" : "1016667", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016667" "name": "1016667",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016667"
"name" : "21388", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21388" "name": "19409",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/19409"
"name" : "ms-server-service-bo(28002)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28002" "name": "TA06-220A",
} "refsource": "CERT",
] "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
} },
} {
"name": "oval:org.mitre.oval:def:492",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492"
},
{
"name": "ms-server-service-bo(28002)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28002"
},
{
"name": "ADV-2006-3210",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3210"
},
{
"name": "21388",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21388"
}
]
}
}

540
2006/3xxx/CVE-2006-3465.json
View File

@ -1,272 +1,272 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2006-3465", "ID": "CVE-2006-3465",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://docs.info.apple.com/article.html?artnum=304063", "description_data": [
"refsource" : "MISC", {
"url" : "http://docs.info.apple.com/article.html?artnum=304063" "lang": "eng",
}, "value": "Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors."
{ }
"name" : "https://issues.rpath.com/browse/RPL-558", ]
"refsource" : "CONFIRM", },
"url" : "https://issues.rpath.com/browse/RPL-558" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2006-08-01", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html" ]
}, },
{ "references": {
"name" : "DSA-1137", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1137" "name": "20060801-01-P",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
"name" : "GLSA-200608-07", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml" "name": "APPLE-SA-2006-08-01",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
"name" : "MDKSA-2006:137", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137" "name": "21501",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21501"
"name" : "RHSA-2006:0603", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0603.html" "name": "oval:org.mitre.oval:def:9067",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9067"
"name" : "RHSA-2006:0648", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0648.html" "name": "21537",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21537"
"name" : "20060801-01-P", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P" "name": "21632",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21632"
"name" : "20060901-01-P", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" "name": "GLSA-200608-07",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
"name" : "SSA:2006-230-01", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600" "name": "21338",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21338"
"name" : "103160", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1" "name": "USN-330-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-330-1"
"name" : "201331", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1" "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
"name" : "SUSE-SA:2006:044", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html" "name": "ADV-2006-3101",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3101"
"name" : "2006-0044", },
"refsource" : "TRUSTIX", {
"url" : "http://lwn.net/Alerts/194228/" "name": "1016628",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016628"
"name" : "USN-330-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-330-1" "name": "21253",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21253"
"name" : "TA06-214A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-214A.html" "name": "DSA-1137",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1137"
"name" : "19287", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19287" "name": "21370",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21370"
"name" : "19289", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19289" "name": "1016671",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016671"
"name" : "oval:org.mitre.oval:def:9067", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9067" "name": "21598",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21598"
"name" : "ADV-2006-3101", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3101" "name": "RHSA-2006:0648",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
"name" : "ADV-2006-3105", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3105" "name": "MDKSA-2006:137",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
"name" : "ADV-2007-4034", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/4034" "name": "19289",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/19289"
"name" : "27729", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27729" "name": "ADV-2007-4034",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/4034"
"name" : "1016628", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016628" "name": "TA06-214A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
"name" : "1016671", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016671" "name": "SUSE-SA:2006:044",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
"name" : "21253", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21253" "name": "21290",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21290"
"name" : "21370", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21370" "name": "21274",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21274"
"name" : "21274", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21274" "name": "ADV-2006-3105",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3105"
"name" : "21290", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21290" "name": "27729",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27729"
"name" : "21334", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21334" "name": "RHSA-2006:0603",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
"name" : "21392", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21392" "name": "20060901-01-P",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
"name" : "21501", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21501" "name": "21304",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21304"
"name" : "21537", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21537" "name": "SSA:2006-230-01",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600"
"name" : "21632", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21632" "name": "http://docs.info.apple.com/article.html?artnum=304063",
}, "refsource": "MISC",
{ "url": "http://docs.info.apple.com/article.html?artnum=304063"
"name" : "21598", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21598" "name": "https://issues.rpath.com/browse/RPL-558",
}, "refsource": "CONFIRM",
{ "url": "https://issues.rpath.com/browse/RPL-558"
"name" : "22036", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22036" "name": "27832",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27832"
"name" : "21304", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21304" "name": "21346",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21346"
"name" : "21319", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21319" "name": "201331",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
"name" : "21338", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21338" "name": "19287",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/19287"
"name" : "21346", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21346" "name": "21319",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21319"
"name" : "27832", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27832" "name": "21392",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/21392"
} },
} {
"name": "21334",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21334"
},
{
"name": "22036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22036"
},
{
"name": "2006-0044",
"refsource": "TRUSTIX",
"url": "http://lwn.net/Alerts/194228/"
},
{
"name": "103160",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
}
]
}
}

350
2006/3xxx/CVE-2006-3631.json
View File

@ -1,177 +1,177 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2006-3631", "ID": "CVE-2006-3631",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the SSH dissector in Wireshark (aka Ethereal) 0.9.10 to 0.99.0 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060719 rPSA-2006-0132-1 tshark wireshark", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/440576/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in the SSH dissector in Wireshark (aka Ethereal) 0.9.10 to 0.99.0 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors."
{ }
"name" : "http://www.wireshark.org/security/wnpa-sec-2006-01.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.wireshark.org/security/wnpa-sec-2006-01.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-197.htm", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-197.htm" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-1127", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2006/dsa-1127" ]
}, },
{ "references": {
"name" : "GLSA-200607-09", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200607-09.xml" "name": "20060801-01-P",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
"name" : "MDKSA-2006:128", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:128" "name": "RHSA-2006:0602",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2006-0602.html"
"name" : "RHSA-2006:0602", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0602.html" "name": "SUSE-SR:2006:020",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html"
"name" : "20060801-01-P", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P" "name": "21121",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21121"
"name" : "SUSE-SR:2006:020", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_20_sr.html" "name": "1016532",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016532"
"name" : "19051", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19051" "name": "21078",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21078"
"name" : "oval:org.mitre.oval:def:11476", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11476" "name": "GLSA-200607-09",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200607-09.xml"
"name" : "ADV-2006-2850", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2850" "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-197.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-197.htm"
"name" : "27370", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27370" "name": "21598",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21598"
"name" : "1016532", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016532" "name": "21467",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21467"
"name" : "21078", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21078" "name": "22089",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22089"
"name" : "21107", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21107" "name": "21204",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21204"
"name" : "21121", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21121" "name": "20060719 rPSA-2006-0132-1 tshark wireshark",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/440576/100/0/threaded"
"name" : "21204", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21204" "name": "wireshark-ssh-dos(27829)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27829"
"name" : "21249", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21249" "name": "ADV-2006-2850",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2850"
"name" : "21488", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21488" "name": "http://www.wireshark.org/security/wnpa-sec-2006-01.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/security/wnpa-sec-2006-01.html"
"name" : "21598", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21598" "name": "27370",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27370"
"name" : "22089", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22089" "name": "DSA-1127",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1127"
"name" : "21467", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21467" "name": "21107",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21107"
"name" : "wireshark-ssh-dos(27829)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27829" "name": "21249",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/21249"
} },
} {
"name": "MDKSA-2006:128",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:128"
},
{
"name": "21488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21488"
},
{
"name": "oval:org.mitre.oval:def:11476",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11476"
},
{
"name": "19051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19051"
}
]
}
}

470
2006/3xxx/CVE-2006-3746.json
View File

@ -1,237 +1,237 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2006-3746", "ID": "CVE-2006-3746",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060802 rPSA-2006-0143-1 gnupg", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/442012/100/0/threaded" "lang": "eng",
}, "value": "Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message."
{ }
"name" : "20060808 ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/442621/100/100/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[Dailydave] 20060721 GnuPG 1.4.4 fun", "description": [
"refsource" : "MLIST", {
"url" : "http://lists.immunitysec.com/pipermail/dailydave/2006-July/003354.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[Gnupg-devel] 20060725 Re: [Dailydave] GnuPG 1.4.4 fun", ]
"refsource" : "MLIST", }
"url" : "http://www.gossamer-threads.com/lists/gnupg/devel/37623" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200502", "reference_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200502" "name": "20060801-01-P",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi/gnupg.CVE-2006-3746.diff?bug=381204;msg=15;att=1", },
"refsource" : "MISC", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi/gnupg.CVE-2006-3746.diff?bug=381204;msg=15;att=1" "name": "21329",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21329"
"name" : "http://issues.rpath.com/browse/RPL-560", },
"refsource" : "MISC", {
"url" : "http://issues.rpath.com/browse/RPL-560" "name": "RHSA-2006:0615",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0615.html"
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-164.htm", },
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-164.htm" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi/gnupg.CVE-2006-3746.diff?bug=381204;msg=15;att=1",
}, "refsource": "MISC",
{ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi/gnupg.CVE-2006-3746.diff?bug=381204;msg=15;att=1"
"name" : "DSA-1140", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1140" "name": "21297",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21297"
"name" : "DSA-1141", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1141" "name": "ADV-2006-3123",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3123"
"name" : "GLSA-200608-08", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200608-08.xml" "name": "SUSE-SR:2006:020",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html"
"name" : "MDKSA-2006:141", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:141" "name": "oval:org.mitre.oval:def:11347",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11347"
"name" : "RHSA-2006:0615", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0615.html" "name": "21300",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21300"
"name" : "20060801-01-P", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P" "name": "21326",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21326"
"name" : "SUSE-SR:2006:020", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_20_sr.html" "name": "http://issues.rpath.com/browse/RPL-560",
}, "refsource": "MISC",
{ "url": "http://issues.rpath.com/browse/RPL-560"
"name" : "2006-0044", },
"refsource" : "TRUSTIX", {
"url" : "http://lwn.net/Alerts/194228/" "name": "21598",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21598"
"name" : "USN-332-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-332-1" "name": "gnupg-parsecomment-bo(28220)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28220"
"name" : "19110", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19110" "name": "21467",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21467"
"name" : "oval:org.mitre.oval:def:11347", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11347" "name": "DSA-1140",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1140"
"name" : "ADV-2006-3123", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3123" "name": "19110",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/19110"
"name" : "27664", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27664" "name": "21351",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21351"
"name" : "1016622", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016622" "name": "21522",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21522"
"name" : "21306", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21306" "name": "21333",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21333"
"name" : "21329", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21329" "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-164.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-164.htm"
"name" : "21378", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21378" "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200502",
}, "refsource": "MISC",
{ "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200502"
"name" : "21351", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21351" "name": "[Gnupg-devel] 20060725 Re: [Dailydave] GnuPG 1.4.4 fun",
}, "refsource": "MLIST",
{ "url": "http://www.gossamer-threads.com/lists/gnupg/devel/37623"
"name" : "21297", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21297" "name": "MDKSA-2006:141",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:141"
"name" : "21333", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21333" "name": "[Dailydave] 20060721 GnuPG 1.4.4 fun",
}, "refsource": "MLIST",
{ "url": "http://lists.immunitysec.com/pipermail/dailydave/2006-July/003354.html"
"name" : "21326", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21326" "name": "USN-332-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-332-1"
"name" : "21300", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21300" "name": "21378",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21378"
"name" : "21522", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21522" "name": "1016622",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016622"
"name" : "21524", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21524" "name": "27664",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27664"
"name" : "21598", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21598" "name": "21346",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21346"
"name" : "21346", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21346" "name": "20060808 ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/442621/100/100/threaded"
"name" : "21467", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21467" "name": "GLSA-200608-08",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200608-08.xml"
"name" : "gnupg-parsecomment-bo(28220)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28220" "name": "DSA-1141",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2006/dsa-1141"
} },
} {
"name": "20060802 rPSA-2006-0143-1 gnupg",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442012/100/0/threaded"
},
{
"name": "21306",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21306"
},
{
"name": "21524",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21524"
},
{
"name": "2006-0044",
"refsource": "TRUSTIX",
"url": "http://lwn.net/Alerts/194228/"
}
]
}
}

160
2006/3xxx/CVE-2006-3837.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3837", "ID": "CVE-2006-3837",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "delcookie.php in Professional Home Page Tools Guestbook changes the expiration date of a cookie instead of deleting the cookie's value, which makes it easier for attackers to steal the cookie and obtain the administrator's password hash after logout."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060717 Professional PHP Tools Guestbook Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/440421/100/0/threaded" "lang": "eng",
}, "value": "delcookie.php in Professional Home Page Tools Guestbook changes the expiration date of a cookie instead of deleting the cookie's value, which makes it easier for attackers to steal the cookie and obtain the administrator's password hash after logout."
{ }
"name" : "http://artemis.abenteuer-mittelerde.de/pub/adv02-phptgb.txt", ]
"refsource" : "MISC", },
"url" : "http://artemis.abenteuer-mittelerde.de/pub/adv02-phptgb.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "21102", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21102" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1275", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/1275" ]
}, },
{ "references": {
"name" : "phptguestbook-setcookie-insecure-cookie(27775)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27775" "name": "1275",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/1275"
} },
} {
"name": "http://artemis.abenteuer-mittelerde.de/pub/adv02-phptgb.txt",
"refsource": "MISC",
"url": "http://artemis.abenteuer-mittelerde.de/pub/adv02-phptgb.txt"
},
{
"name": "20060717 Professional PHP Tools Guestbook Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440421/100/0/threaded"
},
{
"name": "phptguestbook-setcookie-insecure-cookie(27775)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27775"
},
{
"name": "21102",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21102"
}
]
}
}

280
2006/4xxx/CVE-2006-4447.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4447", "ID": "CVE-2006-4447",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[xorg] 20060620 X.Org security advisory: setuid return value check problems", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.freedesktop.org/archives/xorg/2006-June/016146.html" "lang": "eng",
}, "value": "X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit."
{ }
"name" : "[beast] 20061228 ANNOUNCE: BEAST/BSE v0.7.1", ]
"refsource" : "MLIST", },
"url" : "http://mail.gnome.org/archives/beast/2006-December/msg00025.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1193", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1193" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-200608-25", ]
"refsource" : "GENTOO", }
"url" : "http://security.gentoo.org/glsa/glsa-200608-25.xml" ]
}, },
{ "references": {
"name" : "GLSA-200704-22", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200704-22.xml" "name": "21660",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21660"
"name" : "MDKSA-2006:160", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:160" "name": "MDKSA-2006:160",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:160"
"name" : "VU#300368", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/300368" "name": "[xorg] 20060620 X.Org security advisory: setuid return value check problems",
}, "refsource": "MLIST",
{ "url": "http://lists.freedesktop.org/archives/xorg/2006-June/016146.html"
"name" : "19742", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19742" "name": "VU#300368",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/300368"
"name" : "23697", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/23697" "name": "ADV-2006-3409",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3409"
"name" : "ADV-2006-3409", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3409" "name": "21693",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21693"
"name" : "ADV-2007-0409", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/0409" "name": "DSA-1193",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1193"
"name" : "21650", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21650" "name": "GLSA-200704-22",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200704-22.xml"
"name" : "21660", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21660" "name": "22332",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22332"
"name" : "21693", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21693" "name": "ADV-2007-0409",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/0409"
"name" : "22332", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22332" "name": "GLSA-200608-25",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200608-25.xml"
"name" : "25032", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25032" "name": "23697",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/23697"
"name" : "25059", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25059" "name": "25059",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/25059"
} },
} {
"name": "25032",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25032"
},
{
"name": "[beast] 20061228 ANNOUNCE: BEAST/BSE v0.7.1",
"refsource": "MLIST",
"url": "http://mail.gnome.org/archives/beast/2006-December/msg00025.html"
},
{
"name": "19742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19742"
},
{
"name": "21650",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21650"
}
]
}
}

150
2006/6xxx/CVE-2006-6023.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6023", "ID": "CVE-2006-6023",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in phoo.base.php in Bill Roberts Bloo 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the descriptorFileList parameter. NOTE: this issue is disputed by CVE since $descriptorFileList is used in a function definition within phoo.base.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061116 Bloo => 1.00 Remote File Include Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/451818/100/0/threaded" "lang": "eng",
}, "value": "** DISPUTED ** PHP remote file inclusion vulnerability in phoo.base.php in Bill Roberts Bloo 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the descriptorFileList parameter. NOTE: this issue is disputed by CVE since $descriptorFileList is used in a function definition within phoo.base.php."
{ }
"name" : "20061121 CVE dispute for Bloo RFI", ]
"refsource" : "VIM", },
"url" : "http://www.attrition.org/pipermail/vim/2006-November/001137.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1893", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1893" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "bloo-base-file-include(30336)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30336" ]
} },
] "references": {
} "reference_data": [
} {
"name": "bloo-base-file-include(30336)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30336"
},
{
"name": "20061121 CVE dispute for Bloo RFI",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-November/001137.html"
},
{
"name": "20061116 Bloo => 1.00 Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451818/100/0/threaded"
},
{
"name": "1893",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1893"
}
]
}
}

160
2006/6xxx/CVE-2006-6430.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6430", "ID": "CVE-2006-6430",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not require HTTPS, which allows remote attackers to obtain sensitive information by sniffing the unencrypted HTTP traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf" "lang": "eng",
}, "value": "Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not require HTTPS, which allows remote attackers to obtain sensitive information by sniffing the unencrypted HTTP traffic."
{ }
"name" : "21365", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21365" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4791", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4791" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "23265", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/23265" ]
}, },
{ "references": {
"name" : "xerox-https-security-bypass(30679)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30679" "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf",
} "refsource": "CONFIRM",
] "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf"
} },
} {
"name": "xerox-https-security-bypass(30679)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30679"
},
{
"name": "23265",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23265"
},
{
"name": "21365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21365"
},
{
"name": "ADV-2006-4791",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4791"
}
]
}
}

140
2006/6xxx/CVE-2006-6896.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6896", "ID": "CVE-2006-6896",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Bluetooth stack in the Plantronic Headset does not properly implement Non-pairable mode, which allows remote attackers to conduct unauthorized pair-up operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/455889/100/0/threaded" "lang": "eng",
}, "value": "The Bluetooth stack in the Plantronic Headset does not properly implement Non-pairable mode, which allows remote attackers to conduct unauthorized pair-up operations."
{ }
"name" : "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf", ]
"refsource" : "MISC", },
"url" : "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37586", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/37586" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"name": "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"name": "37586",
"refsource": "OSVDB",
"url": "http://osvdb.org/37586"
}
]
}
}

270
2011/0xxx/CVE-2011-0083.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0083", "ID": "CVE-2011-0083",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-23.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-23.html" "lang": "eng",
}, "value": "Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=648090", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=648090" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.avaya.com/css/P8/documents/100144854", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/css/P8/documents/100144854" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.avaya.com/css/P8/documents/100145333", ]
"refsource" : "CONFIRM", }
"url" : "http://support.avaya.com/css/P8/documents/100145333" ]
}, },
{ "references": {
"name" : "DSA-2268", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2268" "name": "oval:org.mitre.oval:def:13543",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13543"
"name" : "DSA-2269", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2269" "name": "MDVSA-2011:111",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:111"
"name" : "DSA-2273", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2273" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=648090",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=648090"
"name" : "MDVSA-2011:111", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:111" "name": "45002",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/45002"
"name" : "RHSA-2011:0885", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0885.html" "name": "http://support.avaya.com/css/P8/documents/100145333",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/css/P8/documents/100145333"
"name" : "RHSA-2011:0886", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0886.html" "name": "USN-1149-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1149-1"
"name" : "RHSA-2011:0887", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0887.html" "name": "http://support.avaya.com/css/P8/documents/100144854",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/css/P8/documents/100144854"
"name" : "RHSA-2011:0888", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0888.html" "name": "RHSA-2011:0887",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0887.html"
"name" : "SUSE-SA:2011:028", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html" "name": "RHSA-2011:0885",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0885.html"
"name" : "USN-1149-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1149-1" "name": "DSA-2268",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2268"
"name" : "oval:org.mitre.oval:def:13543", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13543" "name": "RHSA-2011:0888",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0888.html"
"name" : "45002", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45002" "name": "DSA-2269",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2011/dsa-2269"
} },
} {
"name": "SUSE-SA:2011:028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html"
},
{
"name": "RHSA-2011:0886",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0886.html"
},
{
"name": "DSA-2273",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2273"
},
{
"name": "http://www.mozilla.org/security/announce/2011/mfsa2011-23.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-23.html"
}
]
}
}

170
2011/0xxx/CVE-2011-0449.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0449", "ID": "CVE-2011-0449",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[rubyonrails-security] 20110209 Filter Problems on Case-Insensitive Filesystems", "description_data": [
"refsource" : "MLIST", {
"url" : "http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain" "lang": "eng",
}, "value": "actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters."
{ }
"name" : "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4", ]
"refsource" : "CONFIRM", },
"url" : "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2011-4358", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1025061", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1025061" ]
}, },
{ "references": {
"name" : "43278", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43278" "name": "1025061",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1025061"
"name" : "ADV-2011-0877", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0877" "name": "[rubyonrails-security] 20110209 Filter Problems on Case-Insensitive Filesystems",
} "refsource": "MLIST",
] "url": "http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain"
} },
} {
"name": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4",
"refsource": "CONFIRM",
"url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4"
},
{
"name": "FEDORA-2011-4358",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html"
},
{
"name": "43278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43278"
},
{
"name": "ADV-2011-0877",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0877"
}
]
}
}

130
2011/0xxx/CVE-2011-0658.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2011-0658", "ID": "CVE-2011-0658",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka \"OLE Automation Underflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS11-038", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-038" "lang": "eng",
}, "value": "Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka \"OLE Automation Underflow Vulnerability.\""
{ }
"name" : "oval:org.mitre.oval:def:12335", ]
"refsource" : "OVAL", },
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12335" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS11-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-038"
},
{
"name": "oval:org.mitre.oval:def:12335",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12335"
}
]
}
}

160
2011/1xxx/CVE-2011-1119.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1119", "ID": "CVE-2011-1119",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 9.0.597.107 does not properly determine device orientation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=71595", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=71595" "lang": "eng",
}, "value": "Google Chrome before 9.0.597.107 does not properly determine device orientation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\""
{ }
"name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "46614", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/46614" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:14542", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14542" ]
}, },
{ "references": {
"name" : "google-chrome-orientation-dos(65737)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65737" "name": "google-chrome-orientation-dos(65737)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65737"
} },
} {
"name": "46614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46614"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=71595",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=71595"
},
{
"name": "oval:org.mitre.oval:def:14542",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14542"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html"
}
]
}
}

220
2011/1xxx/CVE-2011-1187.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1187", "ID": "CVE-2011-1187",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an \"error message leak.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=69187", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=69187" "lang": "eng",
}, "value": "Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an \"error message leak.\""
{ }
"name" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-32.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-32.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=624621", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=624621" ]
}, },
{ "references": {
"name" : "46785", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/46785" "name": "46785",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/46785"
"name" : "oval:org.mitre.oval:def:14369", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14369" "name": "google-unspecified-info-disc(65951)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65951"
"name" : "48972", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48972" "name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html",
}, "refsource": "CONFIRM",
{ "url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
"name" : "49047", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49047" "name": "49055",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/49055"
"name" : "49055", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49055" "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-32.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-32.html"
"name" : "ADV-2011-0628", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0628" "name": "48972",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48972"
"name" : "google-unspecified-info-disc(65951)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65951" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=624621",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=624621"
} },
} {
"name": "49047",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49047"
},
{
"name": "oval:org.mitre.oval:def:14369",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14369"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=69187",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=69187"
},
{
"name": "ADV-2011-0628",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0628"
}
]
}
}

150
2011/1xxx/CVE-2011-1250.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2011-1250", "ID": "CVE-2011-1250",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka \"Link Properties Handling Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110615 NSFOCUS SA2011-01 : Microsoft Internet Explorer Link Property Processing Memory Corruption Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/518445/100/0/threaded" "lang": "eng",
}, "value": "Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka \"Link Properties Handling Memory Corruption Vulnerability.\""
{ }
"name" : "http://www.nsfocus.com/en/advisories/1101.html", ]
"refsource" : "MISC", },
"url" : "http://www.nsfocus.com/en/advisories/1101.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS11-050", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:12708", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12708" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20110615 NSFOCUS SA2011-01 : Microsoft Internet Explorer Link Property Processing Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518445/100/0/threaded"
},
{
"name": "http://www.nsfocus.com/en/advisories/1101.html",
"refsource": "MISC",
"url": "http://www.nsfocus.com/en/advisories/1101.html"
},
{
"name": "oval:org.mitre.oval:def:12708",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12708"
},
{
"name": "MS11-050",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050"
}
]
}
}

150
2011/1xxx/CVE-2011-1435.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1435", "ID": "CVE-2011-1435",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions, which allows remote attackers to read local files via a crafted extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=72523", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=72523" "lang": "eng",
}, "value": "Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions, which allows remote attackers to read local files via a crafted extension."
{ }
"name" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:14586", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14586" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "chrome-extension-info-disc(67142)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67142" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://code.google.com/p/chromium/issues/detail?id=72523",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=72523"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html"
},
{
"name": "oval:org.mitre.oval:def:14586",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14586"
},
{
"name": "chrome-extension-info-disc(67142)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67142"
}
]
}
}

150
2011/1xxx/CVE-2011-1799.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2011-1799", "ID": "CVE-2011-1799",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=64046", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=64046" "lang": "eng",
}, "value": "Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
{ }
"name" : "http://googlechromereleases.blogspot.com/2011/05/stable-channel-update.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2011/05/stable-channel-update.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2245", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2245" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:14029", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14029" ]
} },
] "references": {
} "reference_data": [
} {
"name": "DSA-2245",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2245"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/05/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/05/stable-channel-update.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=64046",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=64046"
},
{
"name": "oval:org.mitre.oval:def:14029",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14029"
}
]
}
}

250
2011/1xxx/CVE-2011-1947.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-1947", "ID": "CVE-2011-1947",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110606 fetchmail security announcement fetchmail-SA-2011-01 (CVE-2011-1947)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/518251/100/0/threaded" "lang": "eng",
}, "value": "fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets."
{ }
"name" : "[oss-security] 20110530 CVE request for fetchmail STARTTLS hang (Denial of Service)", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2011/05/30/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20110531 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)", "description": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/05/31/12" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20110531 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)", ]
"refsource" : "MLIST", }
"url" : "http://openwall.com/lists/oss-security/2011/05/31/17" ]
}, },
{ "references": {
"name" : "[oss-security] 20110601 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/06/01/2" "name": "[oss-security] 20110531 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/05/31/17"
"name" : "http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt", },
"refsource" : "CONFIRM", {
"url" : "http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt" "name": "48043",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/48043"
"name" : "http://www.fetchmail.info/fetchmail-SA-2011-01.txt", },
"refsource" : "CONFIRM", {
"url" : "http://www.fetchmail.info/fetchmail-SA-2011-01.txt" "name": "FEDORA-2011-8011",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061672.html"
"name" : "FEDORA-2011-8011", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061672.html" "name": "[oss-security] 20110531 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/05/31/12"
"name" : "FEDORA-2011-8021", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061735.html" "name": "[oss-security] 20110530 CVE request for fetchmail STARTTLS hang (Denial of Service)",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/05/30/1"
"name" : "FEDORA-2011-8059", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061634.html" "name": "20110606 fetchmail security announcement fetchmail-SA-2011-01 (CVE-2011-1947)",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/518251/100/0/threaded"
"name" : "MDVSA-2011:107", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:107" "name": "FEDORA-2011-8059",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061634.html"
"name" : "48043", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/48043" "name": "http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt",
}, "refsource": "CONFIRM",
{ "url": "http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt"
"name" : "1025605", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025605" "name": "1025605",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1025605"
"name" : "fetchmail-starttls-dos(67700)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67700" "name": "MDVSA-2011:107",
} "refsource": "MANDRIVA",
] "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:107"
} },
} {
"name": "FEDORA-2011-8021",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061735.html"
},
{
"name": "http://www.fetchmail.info/fetchmail-SA-2011-01.txt",
"refsource": "CONFIRM",
"url": "http://www.fetchmail.info/fetchmail-SA-2011-01.txt"
},
{
"name": "[oss-security] 20110601 Re: CVE request for fetchmail STARTTLS hang (Denial of Service)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/06/01/2"
},
{
"name": "fetchmail-starttls-dos(67700)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67700"
}
]
}
}

300
2011/3xxx/CVE-2011-3357.json
View File

@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-3357", "ID": "CVE-2011-3357",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110905 Multiple vulnerabilities in MantisBT", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/519547/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php."
{ }
"name" : "[debian-security-tracker] 20110908 Security Fix for mantis stable 1.1.8", ]
"refsource" : "MLIST", },
"url" : "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20110904 CVE requests: <mantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/09/04/1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20110904 Re: CVE requests: <mantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2011/09/04/2" ]
}, },
{ "references": {
"name" : "[oss-security] 20110909 Re: CVE requests: <mantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/09/09/9" "name": "8392",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/8392"
"name" : "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html", },
"refsource" : "MISC", {
"url" : "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html" "name": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f"
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297", },
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297" "name": "DSA-2308",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2308"
"name" : "http://www.mantisbt.org/bugs/view.php?id=13281", },
"refsource" : "CONFIRM", {
"url" : "http://www.mantisbt.org/bugs/view.php?id=13281" "name": "[oss-security] 20110904 CVE requests: <mantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2011/09/04/1"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=735514", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=735514" "name": "GLSA-201211-01",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
"name" : "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d" "name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html",
}, "refsource": "MISC",
{ "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html"
"name" : "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f" "name": "[oss-security] 20110904 Re: CVE requests: <mantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2011/09/04/2"
"name" : "DSA-2308", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2308" "name": "45961",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/45961"
"name" : "FEDORA-2011-12369", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html" "name": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d"
"name" : "GLSA-201211-01", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201211-01.xml" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297"
"name" : "49448", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/49448" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=735514",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=735514"
"name" : "45961", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45961" "name": "49448",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/49448"
"name" : "51199", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51199" "name": "http://www.mantisbt.org/bugs/view.php?id=13281",
}, "refsource": "CONFIRM",
{ "url": "http://www.mantisbt.org/bugs/view.php?id=13281"
"name" : "8392", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8392" "name": "mantisbt-action-file-include(69588)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69588"
"name" : "mantisbt-action-file-include(69588)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69588" "name": "51199",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/51199"
} },
} {
"name": "[oss-security] 20110909 Re: CVE requests: <mantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/09/9"
},
{
"name": "[debian-security-tracker] 20110908 Security Fix for mantis stable 1.1.8",
"refsource": "MLIST",
"url": "http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html"
},
{
"name": "FEDORA-2011-12369",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html"
},
{
"name": "20110905 Multiple vulnerabilities in MantisBT",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519547/100/0/threaded"
}
]
}
}

130
2011/3xxx/CVE-2011-3449.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2011-3449", "ID": "CVE-2011-3449",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5130", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5130" "lang": "eng",
}, "value": "Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document."
{ }
"name" : "APPLE-SA-2012-02-01-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT5130",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5130"
},
{
"name": "APPLE-SA-2012-02-01-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
}
]
}
}

140
2011/3xxx/CVE-2011-3716.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3716", "ID": "CVE-2011-3716",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Claroline 1.9.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by work/connector/linker.cnr.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" "lang": "eng",
}, "value": "Claroline 1.9.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by work/connector/linker.cnr.php and certain other files."
{ }
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", ]
"refsource" : "MISC", },
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/claroline-1.9.7", "description": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/claroline-1.9.7" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/claroline-1.9.7",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/claroline-1.9.7"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}

160
2011/3xxx/CVE-2011-3874.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2011-3874", "ID": "CVE-2011-3874",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20111108 CVE request: Android: vold stack buffer overflow", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/11/08/3" "lang": "eng",
}, "value": "Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error."
{ }
"name" : "[oss-security] 20111108 Re: CVE request: Android: vold stack buffer overflow", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2011/11/08/4" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20111109 Re: Re: CVE request: Android: vold stack buffer overflow", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/11/10/1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/revolutionary/zergRush/blob/master/zergRush.c", ]
"refsource" : "MISC", }
"url" : "https://github.com/revolutionary/zergRush/blob/master/zergRush.c" ]
}, },
{ "references": {
"name" : "http://code.google.com/p/android/issues/detail?id=21681", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/android/issues/detail?id=21681" "name": "[oss-security] 20111108 CVE request: Android: vold stack buffer overflow",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2011/11/08/3"
} },
} {
"name": "https://github.com/revolutionary/zergRush/blob/master/zergRush.c",
"refsource": "MISC",
"url": "https://github.com/revolutionary/zergRush/blob/master/zergRush.c"
},
{
"name": "[oss-security] 20111109 Re: Re: CVE request: Android: vold stack buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/11/10/1"
},
{
"name": "http://code.google.com/p/android/issues/detail?id=21681",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/android/issues/detail?id=21681"
},
{
"name": "[oss-security] 20111108 Re: CVE request: Android: vold stack buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/11/08/4"
}
]
}
}

34
2011/4xxx/CVE-2011-4094.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4094", "ID": "CVE-2011-4094",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

190
2011/4xxx/CVE-2011-4618.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-4618", "ID": "CVE-2011-4618",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20111121 Wordpress advanced-text-widget Plugin Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/520589" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter."
{ }
"name" : "20120417 Re: Wordpress advanced-text-widget Plugin Vulnerabilities", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0119.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20111219 Re: CVE-request: WordPress advanced-text-widget XSS advancedtext.php?page=", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/12/19/6" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities", ]
"refsource" : "MISC", }
"url" : "http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities" ]
}, },
{ "references": {
"name" : "http://plugins.trac.wordpress.org/changeset?reponame=&new=466102@advanced-text-widget&old=465828@advanced-text-widget", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://plugins.trac.wordpress.org/changeset?reponame=&new=466102@advanced-text-widget&old=465828@advanced-text-widget" "name": "http://plugins.trac.wordpress.org/changeset?reponame=&new=466102@advanced-text-widget&old=465828@advanced-text-widget",
}, "refsource": "CONFIRM",
{ "url": "http://plugins.trac.wordpress.org/changeset?reponame=&new=466102@advanced-text-widget&old=465828@advanced-text-widget"
"name" : "http://wordpress.org/extend/plugins/advanced-text-widget/changelog/", },
"refsource" : "CONFIRM", {
"url" : "http://wordpress.org/extend/plugins/advanced-text-widget/changelog/" "name": "advancedtextwidget-advancedtext-xss(71412)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71412"
"name" : "50744", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/50744" "name": "[oss-security] 20111219 Re: CVE-request: WordPress advanced-text-widget XSS advancedtext.php?page=",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2011/12/19/6"
"name" : "advancedtextwidget-advancedtext-xss(71412)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71412" "name": "20120417 Re: Wordpress advanced-text-widget Plugin Vulnerabilities",
} "refsource": "BUGTRAQ",
] "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0119.html"
} },
} {
"name": "50744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50744"
},
{
"name": "20111121 Wordpress advanced-text-widget Plugin Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520589"
},
{
"name": "http://wordpress.org/extend/plugins/advanced-text-widget/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/advanced-text-widget/changelog/"
},
{
"name": "http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities",
"refsource": "MISC",
"url": "http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities"
}
]
}
}

140
2011/4xxx/CVE-2011-4826.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4826", "ID": "CVE-2011-4826",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.autosectools.com/Advisory/V-CMS-1.0-SQL-Injection-235", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.autosectools.com/Advisory/V-CMS-1.0-SQL-Injection-235" "lang": "eng",
}, "value": "SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are obtained from third party information."
{ }
"name" : "50706", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/50706" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "46861", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46861" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "50706",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50706"
},
{
"name": "http://www.autosectools.com/Advisory/V-CMS-1.0-SQL-Injection-235",
"refsource": "MISC",
"url": "http://www.autosectools.com/Advisory/V-CMS-1.0-SQL-Injection-235"
},
{
"name": "46861",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46861"
}
]
}
}

180
2013/5xxx/CVE-2013-5126.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2013-5126", "ID": "CVE-2013-5126",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5934", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5934" "lang": "eng",
}, "value": "WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2."
{ }
"name" : "http://support.apple.com/kb/HT6001", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT6001" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2013-09-18-2", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2013-10-22-2", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2013-10-22-8", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" "name": "APPLE-SA-2013-10-22-8",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
"name" : "1029054", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029054" "name": "1029054",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1029054"
"name" : "54886", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54886" "name": "http://support.apple.com/kb/HT6001",
} "refsource": "CONFIRM",
] "url": "http://support.apple.com/kb/HT6001"
} },
} {
"name": "APPLE-SA-2013-10-22-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html"
},
{
"name": "54886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54886"
},
{
"name": "http://support.apple.com/kb/HT5934",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5934"
},
{
"name": "APPLE-SA-2013-09-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
]
}
}

130
2014/2xxx/CVE-2014-2016.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2016", "ID": "CVE-2014-2016",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and earlier, 4.7.x before 4.7.11, and 4.8.x before 4.8.4, and Enterprise Edition 4.6.8 and earlier, 5.0.x before 5.0.11 and 5.1.x before 5.1.4 allow remote attackers to inject arbitrary web script or HTML via the searchtag parameter to the getTag function in (1) application/controllers/details.php or (2) application/controllers/tag.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://wiki.oxidforge.org/Security_bulletins/2014-001", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://wiki.oxidforge.org/Security_bulletins/2014-001" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and earlier, 4.7.x before 4.7.11, and 4.8.x before 4.8.4, and Enterprise Edition 4.6.8 and earlier, 5.0.x before 5.0.11 and 5.1.x before 5.1.4 allow remote attackers to inject arbitrary web script or HTML via the searchtag parameter to the getTag function in (1) application/controllers/details.php or (2) application/controllers/tag.php."
{ }
"name" : "57438", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/57438" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.oxidforge.org/Security_bulletins/2014-001",
"refsource": "CONFIRM",
"url": "http://wiki.oxidforge.org/Security_bulletins/2014-001"
},
{
"name": "57438",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57438"
}
]
}
}

34
2014/2xxx/CVE-2014-2030.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2030", "ID": "CVE-2014-2030",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2014/2xxx/CVE-2014-2164.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-2164", "ID": "CVE-2014-2164",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCuj94651."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" "lang": "eng",
} "value": "The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCuj94651."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte"
}
]
}
}

170
2014/2xxx/CVE-2014-2422.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2014-2422", "ID": "CVE-2014-2422",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
{ }
"name" : "GLSA-201502-12", ]
"refsource" : "GENTOO", },
"url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "HPSBUX03091", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SSRT101667", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" ]
}, },
{ "references": {
"name" : "RHSA-2014:0413", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2014:0413" "name": "HPSBUX03091",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
"name" : "66912", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/66912" "name": "RHSA-2014:0413",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2014:0413"
} },
} {
"name": "66912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66912"
},
{
"name": "SSRT101667",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"name": "GLSA-201502-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-12.xml"
}
]
}
}

34
2014/2xxx/CVE-2014-2945.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-2945", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-2945",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

190
2014/3xxx/CVE-2014-3160.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2014-3160", "ID": "CVE-2014-3160",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html" "lang": "eng",
}, "value": "The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=380885", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=380885" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://src.chromium.org/viewvc/blink?revision=176084&view=revision", "description": [
"refsource" : "CONFIRM", {
"url" : "https://src.chromium.org/viewvc/blink?revision=176084&view=revision" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3039", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2014/dsa-3039" ]
}, },
{ "references": {
"name" : "GLSA-201408-16", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml" "name": "68677",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/68677"
"name" : "68677", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68677" "name": "https://src.chromium.org/viewvc/blink?revision=176084&view=revision",
}, "refsource": "CONFIRM",
{ "url": "https://src.chromium.org/viewvc/blink?revision=176084&view=revision"
"name" : "60372", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60372" "name": "GLSA-201408-16",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201408-16.xml"
"name" : "60061", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60061" "name": "60372",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/60372"
} },
} {
"name": "http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html"
},
{
"name": "60061",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60061"
},
{
"name": "DSA-3039",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3039"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=380885",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=380885"
}
]
}
}

140
2014/6xxx/CVE-2014-6173.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-6173", "ID": "CVE-2014-6173",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21690553", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21690553" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
{ }
"name" : "JR50241", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50241" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ibm-bpm-cve20146173-xss(98418)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98418" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21690553",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690553"
},
{
"name": "ibm-bpm-cve20146173-xss(98418)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98418"
},
{
"name": "JR50241",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50241"
}
]
}
}

150
2014/6xxx/CVE-2014-6508.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2014-6508", "ID": "CVE-2014-6508",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to iSCSI Data Mover (IDM)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to iSCSI Data Mover (IDM)."
{ }
"name" : "70549", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/70549" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1031032", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031032" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "61593", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/61593" ]
} },
] "references": {
} "reference_data": [
} {
"name": "70549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70549"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "1031032",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031032"
},
{
"name": "61593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61593"
}
]
}
}

34
2014/7xxx/CVE-2014-7096.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-7096", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-7096",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

140
2014/7xxx/CVE-2014-7461.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7461", "ID": "CVE-2014-7461",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The A King Sperm by Dr. Seema Rao (aka com.wKingSperm) application 0.63.13384.23020 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The A King Sperm by Dr. Seema Rao (aka com.wKingSperm) application 0.63.13384.23020 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#896657", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/896657" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "VU#896657",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/896657"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2017/0xxx/CVE-2017-0021.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-0021", "ID": "CVE-2017-0021",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Hyper-V vSMB", "product_name": "Hyper-V vSMB",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016" "version_value": "Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka \"Hyper-V System Data Structure Vulnerability.\" This vulnerability is different from that described in CVE-2017-0095."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0021", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0021" "lang": "eng",
}, "value": "Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka \"Hyper-V System Data Structure Vulnerability.\" This vulnerability is different from that described in CVE-2017-0095."
{ }
"name" : "96020", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96020" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037999", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037999" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0021",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0021"
},
{
"name": "1037999",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037999"
},
{
"name": "96020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96020"
}
]
}
}

186
2017/0xxx/CVE-2017-0481.json
View File

@ -1,95 +1,95 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2017-0481", "ID": "CVE-2017-0481",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-4.4.4" "version_value": "Android-4.4.4"
}, },
{ {
"version_value" : "Android-5.0.2" "version_value": "Android-5.0.2"
}, },
{ {
"version_value" : "Android-5.1.1" "version_value": "Android-5.1.1"
}, },
{ {
"version_value" : "Android-6.0" "version_value": "Android-6.0"
}, },
{ {
"version_value" : "Android-6.0.1" "version_value": "Android-6.0.1"
}, },
{ {
"version_value" : "Android-7.0" "version_value": "Android-7.0"
}, },
{ {
"version_value" : "Android-7.1.1" "version_value": "Android-7.1.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in NFC could enable a proximate attacker to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33434992."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-03-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-03-01" "lang": "eng",
}, "value": "An elevation of privilege vulnerability in NFC could enable a proximate attacker to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33434992."
{ }
"name" : "96953", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96953" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96765", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96765" "lang": "eng",
}, "value": "Elevation of privilege"
{ }
"name" : "1037968", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1037968" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96765"
},
{
"name": "96953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96953"
}
]
}
}

168
2017/0xxx/CVE-2017-0542.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2017-0542", "ID": "CVE-2017-0542",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-6.0" "version_value": "Android-6.0"
}, },
{ {
"version_value" : "Android-6.0.1" "version_value": "Android-6.0.1"
}, },
{ {
"version_value" : "Android-7.0" "version_value": "Android-7.0"
}, },
{ {
"version_value" : "Android-7.1.1" "version_value": "Android-7.1.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://android.googlesource.com/platform/external/libavc/+/33ef7de9ddc8ea7eb9cbc440d1cf89957a0c267b", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://android.googlesource.com/platform/external/libavc/+/33ef7de9ddc8ea7eb9cbc440d1cf89957a0c267b" "lang": "eng",
}, "value": "A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721."
{ }
"name" : "https://source.android.com/security/bulletin/2017-04-01", ]
"refsource" : "CONFIRM", },
"url" : "https://source.android.com/security/bulletin/2017-04-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "97330", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97330" "lang": "eng",
}, "value": "Remote code execution"
{ }
"name" : "1038201", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038201" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://source.android.com/security/bulletin/2017-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name": "https://android.googlesource.com/platform/external/libavc/+/33ef7de9ddc8ea7eb9cbc440d1cf89957a0c267b",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/libavc/+/33ef7de9ddc8ea7eb9cbc440d1cf89957a0c267b"
},
{
"name": "97330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97330"
},
{
"name": "1038201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038201"
}
]
}
}

162
2017/0xxx/CVE-2017-0833.json
View File

@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2017-11-06T00:00:00", "DATE_PUBLIC": "2017-11-06T00:00:00",
"ID" : "CVE-2017-0833", "ID": "CVE-2017-0833",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "7.0" "version_value": "7.0"
}, },
{ {
"version_value" : "7.1.1" "version_value": "7.1.1"
}, },
{ {
"version_value" : "7.1.2" "version_value": "7.1.2"
}, },
{ {
"version_value" : "8.0" "version_value": "8.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62896384."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-11-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-11-01" "lang": "eng",
}, "value": "A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62896384."
{ }
"name" : "101717", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101717" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-11-01"
},
{
"name": "101717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101717"
}
]
}
}

130
2017/0xxx/CVE-2017-0895.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"ID" : "CVE-2017-0895", "ID": "CVE-2017-0895",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Nextcloud Server", "product_name": "Nextcloud Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "before 10.0.4 and 11.0.2" "version_value": "before 10.0.4 and 11.0.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Nextcloud" "vendor_name": "Nextcloud"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Exposure Through Directory Listing (CWE-285)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://hackerone.com/reports/203594", "description_data": [
"refsource" : "MISC", {
"url" : "https://hackerone.com/reports/203594" "lang": "eng",
}, "value": "Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed."
{ }
"name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2017-012", ]
"refsource" : "CONFIRM", },
"url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2017-012" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Information Exposure Through Directory Listing (CWE-285)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/203594",
"refsource": "MISC",
"url": "https://hackerone.com/reports/203594"
},
{
"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-012",
"refsource": "CONFIRM",
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-012"
}
]
}
}

122
2017/0xxx/CVE-2017-0930.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2017-0930", "ID": "CVE-2017-0930",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "augustine node module", "product_name": "augustine node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://hackerone.com/reports/296282", "description_data": [
"refsource" : "MISC", {
"url" : "https://hackerone.com/reports/296282" "lang": "eng",
} "value": "augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/296282",
"refsource": "MISC",
"url": "https://hackerone.com/reports/296282"
}
]
}
}

170
2017/18xxx/CVE-2017-18026.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-18026", "ID": "CVE-2017-18026",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678" "lang": "eng",
}, "value": "Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536."
{ }
"name" : "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e", ]
"refsource" : "MISC", },
"url" : "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.redmine.org/issues/27516", ]
"refsource" : "MISC", }
"url" : "https://www.redmine.org/issues/27516" ]
}, },
{ "references": {
"name" : "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "reference_data": [
"refsource" : "MISC", {
"url" : "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" "name": "https://www.redmine.org/issues/27516",
}, "refsource": "MISC",
{ "url": "https://www.redmine.org/issues/27516"
"name" : "DSA-4191", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4191" "name": "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678",
} "refsource": "MISC",
] "url": "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678"
} },
} {
"name": "DSA-4191",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4191"
},
{
"name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories",
"refsource": "MISC",
"url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories"
},
{
"name": "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd",
"refsource": "MISC",
"url": "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd"
},
{
"name": "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e",
"refsource": "MISC",
"url": "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e"
}
]
}
}

34
2017/18xxx/CVE-2017-18148.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-18148", "ID": "CVE-2017-18148",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/18xxx/CVE-2017-18252.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-18252", "ID": "CVE-2017-18252",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ImageMagick/ImageMagick/issues/802", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/ImageMagick/ImageMagick/issues/802" "lang": "eng",
}, "value": "An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file."
{ }
"name" : "USN-3681-1", ]
"refsource" : "UBUNTU", },
"url" : "https://usn.ubuntu.com/3681-1/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3681-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3681-1/"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/802",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/802"
}
]
}
}

172
2017/1xxx/CVE-2017-1116.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-04-24T00:00:00", "DATE_PUBLIC": "2018-04-24T00:00:00",
"ID" : "CVE-2017-1116", "ID": "CVE-2017-1116",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Campaign", "product_name": "Campaign",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.6" "version_value": "8.6"
}, },
{ {
"version_value" : "9.0" "version_value": "9.0"
}, },
{ {
"version_value" : "9.1" "version_value": "9.1"
}, },
{ {
"version_value" : "9.1.1" "version_value": "9.1.1"
}, },
{ {
"version_value" : "9.1.2" "version_value": "9.1.2"
}, },
{ {
"version_value" : "10.0" "version_value": "10.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive details on the client side which could provide information useful for an authenticated user to conduct other attacks. IBM X-Force ID: 121154."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22015569", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22015569" "lang": "eng",
}, "value": "IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive details on the client side which could provide information useful for an authenticated user to conduct other attacks. IBM X-Force ID: 121154."
{ }
"name" : "104011", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104011" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ibm-campaign-cve20171116-info-disc(121154)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121154" "lang": "eng",
} "value": "Obtain Information"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22015569",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22015569"
},
{
"name": "ibm-campaign-cve20171116-info-disc(121154)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121154"
},
{
"name": "104011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104011"
}
]
}
}

288
2017/1xxx/CVE-2017-1312.json
View File

@ -1,146 +1,146 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-06-28T00:00:00", "DATE_PUBLIC": "2018-06-28T00:00:00",
"ID" : "CVE-2017-1312", "ID": "CVE-2017-1312",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Rational Collaborative Lifecycle Management", "product_name": "Rational Collaborative Lifecycle Management",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0" "version_value": "5.0"
}, },
{ {
"version_value" : "5.0.1" "version_value": "5.0.1"
}, },
{ {
"version_value" : "5.0.2" "version_value": "5.0.2"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "6.0.2" "version_value": "6.0.2"
}, },
{ {
"version_value" : "6.0.3" "version_value": "6.0.3"
}, },
{ {
"version_value" : "6.0.4" "version_value": "6.0.4"
}, },
{ {
"version_value" : "6.0.5" "version_value": "6.0.5"
} }
] ]
} }
}, },
{ {
"product_name" : "Rational Quality Manager", "product_name": "Rational Quality Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0" "version_value": "5.0"
}, },
{ {
"version_value" : "5.0.1" "version_value": "5.0.1"
}, },
{ {
"version_value" : "5.0.2" "version_value": "5.0.2"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "6.0.2" "version_value": "6.0.2"
}, },
{ {
"version_value" : "6.0.3" "version_value": "6.0.3"
}, },
{ {
"version_value" : "6.0.4" "version_value": "6.0.4"
}, },
{ {
"version_value" : "6.0.5" "version_value": "6.0.5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125723."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www-prd-trops.events.ibm.com/node/715749", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www-prd-trops.events.ibm.com/node/715749" "lang": "eng",
}, "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125723."
{ }
"name" : "ibm-rqm-cve20171312-xss(125723)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125723" "impact": {
} "cvssv3": {
] "BM": {
} "A": "N",
} "AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www-prd-trops.events.ibm.com/node/715749",
"refsource": "CONFIRM",
"url": "https://www-prd-trops.events.ibm.com/node/715749"
},
{
"name": "ibm-rqm-cve20171312-xss(125723)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125723"
}
]
}
}

142
2017/1xxx/CVE-2017-1377.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00", "DATE_PUBLIC": "2017-08-08T00:00:00",
"ID" : "CVE-2017-1377", "ID": "CVE-2017-1377",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Runbook Automation", "product_name": "Runbook Automation",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "N/A" "version_value": "N/A"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Runbook Automation reveals sensitive information in error messages that could be used in further attacks against the system. IBM X-Force ID: 126874."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126874", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126874" "lang": "eng",
}, "value": "IBM Runbook Automation reveals sensitive information in error messages that could be used in further attacks against the system. IBM X-Force ID: 126874."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22007031", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22007031" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "100247", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100247" "lang": "eng",
} "value": "Obtain Information"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007031",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007031"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126874",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126874"
},
{
"name": "100247",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100247"
}
]
}
}

142
2017/1xxx/CVE-2017-1487.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-11-29T00:00:00", "DATE_PUBLIC": "2017-11-29T00:00:00",
"ID" : "CVE-2017-1487", "ID": "CVE-2017-1487",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Sterling File Gateway", "product_name": "Sterling File Gateway",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.2" "version_value": "2.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. IBM X-Force ID: 128626."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128626", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128626" "lang": "eng",
}, "value": "IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. IBM X-Force ID: 128626."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22010552", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22010552" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "102036", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102036" "lang": "eng",
} "value": "Obtain Information"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128626",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128626"
},
{
"name": "102036",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102036"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010552",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010552"
}
]
}
}

34
2017/1xxx/CVE-2017-1821.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-1821", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-1821",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

160
2017/5xxx/CVE-2017-5589.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5589", "ID": "CVE-2017-5589",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for yaxim and Bruno (0.8.6 - 0.8.8; Android)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://openwall.com/lists/oss-security/2017/02/09/29", "description_data": [
"refsource" : "MISC", {
"url" : "http://openwall.com/lists/oss-security/2017/02/09/29" "lang": "eng",
}, "value": "An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for yaxim and Bruno (0.8.6 - 0.8.8; Android)."
{ }
"name" : "https://github.com/ge0rg/yaxim/commit/65a38dc77545d9568732189e86089390f0ceaf9f", ]
"refsource" : "MISC", },
"url" : "https://github.com/ge0rg/yaxim/commit/65a38dc77545d9568732189e86089390f0ceaf9f" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/", "description": [
"refsource" : "MISC", {
"url" : "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf", ]
"refsource" : "MISC", }
"url" : "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf" ]
}, },
{ "references": {
"name" : "96170", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96170" "name": "http://openwall.com/lists/oss-security/2017/02/09/29",
} "refsource": "MISC",
] "url": "http://openwall.com/lists/oss-security/2017/02/09/29"
} },
} {
"name": "https://github.com/ge0rg/yaxim/commit/65a38dc77545d9568732189e86089390f0ceaf9f",
"refsource": "MISC",
"url": "https://github.com/ge0rg/yaxim/commit/65a38dc77545d9568732189e86089390f0ceaf9f"
},
{
"name": "96170",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96170"
},
{
"name": "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/",
"refsource": "MISC",
"url": "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/"
},
{
"name": "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf",
"refsource": "MISC",
"url": "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf"
}
]
}
}