admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:53:26 +00:00
parent 9492230dd0
commit 151cf5bff1
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
60 changed files with 4577 additions and 4577 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
2006/2xxx/CVE-2006-2457.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2457",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2457",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

98
2006/2xxx/CVE-2006-2499.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2499",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2499",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field."
"lang": "eng",
"value": "SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060518 CANews Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/434730/100/0/threaded"
"name": "http://colander.altervista.org/advisory/CANews.txt",
"refsource": "MISC",
"url": "http://colander.altervista.org/advisory/CANews.txt"
},
{
"name" : "http://colander.altervista.org/advisory/CANews.txt",
"refsource" : "MISC",
"url" : "http://colander.altervista.org/advisory/CANews.txt"
"name": "canews-admindefault-sql-injection(26586)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26586"
},
{
"name" : "18031",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18031"
"name": "ADV-2006-1870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1870"
},
{
"name" : "ADV-2006-1870",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1870"
"name": "25652",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25652"
},
{
"name" : "25652",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25652"
"name": "18031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18031"
},
{
"name" : "20171",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20171"
"name": "20060518 CANews Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434730/100/0/threaded"
},
{
"name" : "canews-admindefault-sql-injection(26586)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26586"
"name": "20171",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20171"
}
]
}

104
2006/3xxx/CVE-2006-3542.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3542",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3542",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown Shopping Cart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) shop name field in (a) editshop.php, (b) edititem.php, and (c) index.php; and via the (2) item field in editshop.php and edititem.php."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown Shopping Cart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) shop name field in (a) editshop.php, (b) edititem.php, and (c) index.php; and via the (2) item field in editshop.php and edititem.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060705 Shopping Cart V0.9",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439150/100/0/threaded"
"name": "20957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20957"
},
{
"name" : "18841",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18841"
"name": "1223",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1223"
},
{
"name" : "ADV-2006-2693",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2693"
"name": "27025",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27025"
},
{
"name" : "27024",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27024"
"name": "27024",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27024"
},
{
"name" : "27025",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27025"
"name": "20060705 Shopping Cart V0.9",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439150/100/0/threaded"
},
{
"name" : "20957",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20957"
"name": "ADV-2006-2693",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2693"
},
{
"name" : "1223",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1223"
"name": "shoppingcart-multiple-scripts-xss(27539)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27539"
},
{
"name" : "shoppingcart-multiple-scripts-xss(27539)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27539"
"name": "18841",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18841"
}
]
}

116
2006/3xxx/CVE-2006-3561.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3561",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3561",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c."
"lang": "eng",
"value": "BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060716 Unauthenticated access to BT Voyager config file and PPP credentials embedded in HTML form",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440405/100/0/threaded"
"name": "20080301 The Router Hacking Challenge is Over!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name" : "20080301 The Router Hacking Challenge is Over!",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name" : "20060708 Unauthenticated access to BT Voyager config file",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047733.html"
"name": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/"
},
{
"name" : "http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt",
"refsource" : "MISC",
"url" : "http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt"
"name": "19057",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19057"
},
{
"name" : "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/",
"refsource" : "MISC",
"url" : "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/"
"name": "20060716 Unauthenticated access to BT Voyager config file and PPP credentials embedded in HTML form",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440405/100/0/threaded"
},
{
"name" : "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"refsource" : "MISC",
"url" : "http://www.gnucitizen.org/projects/router-hacking-challenge/"
"name": "20060708 Unauthenticated access to BT Voyager config file",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047733.html"
},
{
"name" : "19057",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19057"
"name": "ADV-2006-2734",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2734"
},
{
"name" : "ADV-2006-2734",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2734"
"name": "btvoyager-config-information-disclosure(27652)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27652"
},
{
"name" : "20982",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20982"
"name": "20982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20982"
},
{
"name" : "btvoyager-config-information-disclosure(27652)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27652"
"name": "http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt",
"refsource": "MISC",
"url": "http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt"
}
]
}

22
2006/3xxx/CVE-2006-3645.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3645",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-3645",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}

128
2006/3xxx/CVE-2006-3707.json
View File

@ -1,116 +1,116 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3707",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3707",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 and 9.0.3.1 has unknown impact and attack vectors, aka Oracle Vuln# AS02."
"lang": "eng",
"value": "Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 and 9.0.3.1 has unknown impact and attack vectors, aka Oracle Vuln# AS02."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html"
"name": "1016529",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016529"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html"
"name": "19054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19054"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
"name": "oracle-cpu-july-2006(27897)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
"name": "21165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21165"
},
{
"name" : "TA06-200A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html"
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name" : "19054",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19054"
"name": "ADV-2006-2947",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2947"
},
{
"name" : "ADV-2006-2863",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2863"
"name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html"
},
{
"name" : "ADV-2006-2947",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2947"
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name" : "1016529",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016529"
"name": "TA06-200A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html"
},
{
"name" : "21111",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21111"
"name": "21111",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21111"
},
{
"name" : "21165",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21165"
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html"
},
{
"name" : "oracle-cpu-july-2006(27897)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897"
"name": "ADV-2006-2863",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2863"
}
]
}

80
2006/4xxx/CVE-2006-4286.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4286",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4286",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate."
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060817 contentpublisher Mambo Component Remote File Include Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443626/100/0/threaded"
"name": "1431",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1431"
},
{
"name" : "20060823 Re: contentpublisher Mambo Component Remote File Include Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444244/100/0/threaded"
"name": "20060817 contentpublisher Mambo Component Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443626/100/0/threaded"
},
{
"name" : "28093",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28093"
"name": "28093",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28093"
},
{
"name" : "1431",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1431"
"name": "20060823 Re: contentpublisher Mambo Component Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444244/100/0/threaded"
}
]
}

86
2006/4xxx/CVE-2006-4423.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4423",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4423",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][admin] parameter in (a) system/command/admin.cmd.php, (b) admin/include/upload_form.php, and (c) admin/include/item_main.php; and the (2) GLOBALS[_BIGACE][DIR][libs] parameter in (d) system/command/admin.cmd.php and (e) system/command/download.cmd.php."
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][admin] parameter in (a) system/command/admin.cmd.php, (b) admin/include/upload_form.php, and (c) admin/include/item_main.php; and the (2) GLOBALS[_BIGACE][DIR][libs] parameter in (d) system/command/admin.cmd.php and (e) system/command/download.cmd.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060826 Bigace 1.8.2 (GLOBALS) Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444415/100/0/threaded"
"name": "1016760",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016760"
},
{
"name" : "19723",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19723"
"name": "20060826 Bigace 1.8.2 (GLOBALS) Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444415/100/0/threaded"
},
{
"name" : "1016760",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016760"
"name": "19723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19723"
},
{
"name" : "1462",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1462"
"name": "1462",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1462"
},
{
"name" : "bigace-globals-file-include(28585)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28585"
"name": "bigace-globals-file-include(28585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28585"
}
]
}

98
2006/4xxx/CVE-2006-4523.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4523",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4523",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET request."
"lang": "eng",
"value": "The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060820 DoS 2wire Gateway",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443906/100/100/threaded"
"name": "2wirerouter-crlf-dos(28578)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28578"
},
{
"name" : "http://www.mexhackteam.org/prethoonker/DoS_ADV_2Wire.txt",
"refsource" : "MISC",
"url" : "http://www.mexhackteam.org/prethoonker/DoS_ADV_2Wire.txt"
"name": "21583",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21583"
},
{
"name" : "2246",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2246"
"name": "20060820 DoS 2wire Gateway",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443906/100/100/threaded"
},
{
"name" : "19634",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19634"
"name": "2246",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2246"
},
{
"name" : "21583",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21583"
"name": "1489",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1489"
},
{
"name" : "1489",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1489"
"name": "http://www.mexhackteam.org/prethoonker/DoS_ADV_2Wire.txt",
"refsource": "MISC",
"url": "http://www.mexhackteam.org/prethoonker/DoS_ADV_2Wire.txt"
},
{
"name" : "2wirerouter-crlf-dos(28578)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28578"
"name": "19634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19634"
}
]
}

80
2006/4xxx/CVE-2006-4677.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4677",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4677",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in contrib/yabbse/poc.php in phpopenchat before 3.0.2 allows remote attackers to execute arbitrary PHP code via the sourcedir parameter. NOTE: this issue was disputed by a third-party researcher who stated that the _REQUEST parameters were dynamically unset at the beginning of the file. Another researcher noted, and CVE agrees, that the unset PHP function can be bypassed (CVE-2006-3017). If this issue is due to a vulnerability in PHP, then it should be excluded from CVE."
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in contrib/yabbse/poc.php in phpopenchat before 3.0.2 allows remote attackers to execute arbitrary PHP code via the sourcedir parameter. NOTE: this issue was disputed by a third-party researcher who stated that the _REQUEST parameters were dynamically unset at the beginning of the file. Another researcher noted, and CVE agrees, that the unset PHP function can be bypassed (CVE-2006-3017). If this issue is due to a vulnerability in PHP, then it should be excluded from CVE."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060906 WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445384/100/0/threaded"
"name": "20060908 AW: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445580/100/0/threaded"
},
{
"name" : "20060907 Re: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445522/100/0/threaded"
"name": "http://phpopenchat.org/index.php",
"refsource": "CONFIRM",
"url": "http://phpopenchat.org/index.php"
},
{
"name" : "20060908 AW: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445580/100/0/threaded"
"name": "20060907 Re: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445522/100/0/threaded"
},
{
"name" : "http://phpopenchat.org/index.php",
"refsource" : "CONFIRM",
"url" : "http://phpopenchat.org/index.php"
"name": "20060906 WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445384/100/0/threaded"
}
]
}

92
2006/6xxx/CVE-2006-6669.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6669",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6669",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20061219 WebCalendar >=1.0 Cross-Site Scripting Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/454810/100/0/threaded"
"name": "2054",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2054"
},
{
"name" : "DSA-1279",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1279"
"name": "24974",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24974"
},
{
"name" : "ADV-2006-5067",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5067"
"name": "23341",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23341"
},
{
"name" : "23341",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23341"
"name": "ADV-2006-5067",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5067"
},
{
"name" : "24974",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24974"
"name": "DSA-1279",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1279"
},
{
"name" : "2054",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2054"
"name": "20061219 WebCalendar >=1.0 Cross-Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454810/100/0/threaded"
}
]
}

92
2006/6xxx/CVE-2006-6751.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6751",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6751",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Format string vulnerability in XM Easy Personal FTP Server 5.2.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the USER command or certain other available or nonexistent commands. NOTE: It was later reported that 5.3.0 is also vulnerable."
"lang": "eng",
"value": "Format string vulnerability in XM Easy Personal FTP Server 5.2.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the USER command or certain other available or nonexistent commands. NOTE: It was later reported that 5.3.0 is also vulnerable."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/18632.txt",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/18632.txt"
"name": "ADV-2007-0786",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0786"
},
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/22747.pl",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/22747.pl"
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/22747.pl",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/22747.pl"
},
{
"name" : "18632",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18632"
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/18632.txt",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/18632.txt"
},
{
"name" : "22747",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22747"
"name": "22747",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22747"
},
{
"name" : "ADV-2007-0786",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0786"
"name": "xm-ftpserver-user-dos(31140)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31140"
},
{
"name" : "xm-ftpserver-user-dos(31140)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31140"
"name": "18632",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18632"
}
]
}

98
2006/7xxx/CVE-2006-7145.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7145",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7145",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "edit_user.php in Call Center Software 0.93 and earlier allows remote attackers to obtain sensitive information such as account passwords via a modified user_id parameter."
"lang": "eng",
"value": "edit_user.php in Call Center Software 0.93 and earlier allows remote attackers to obtain sensitive information such as account passwords via a modified user_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20061012 MHL-2006-002 Public Advisory: \"Call-Center-Software\" Multiple Security Issues",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448423/100/0/threaded"
"name": "20061012 MHL-2006-002 Public Advisory: \"Call-Center-Software\" Multiple Security Issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448423/100/0/threaded"
},
{
"name" : "20061011 MHL-2006-002 Public Advisory: \"Call-Center-Software\" Multiple Security Issues",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0217.html"
"name": "20061011 MHL-2006-002 Public Advisory: \"Call-Center-Software\" Multiple Security Issues",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0217.html"
},
{
"name" : "http://www.mayhemiclabs.com/advisories/MHL-2006-002.txt",
"refsource" : "MISC",
"url" : "http://www.mayhemiclabs.com/advisories/MHL-2006-002.txt"
"name": "2389",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2389"
},
{
"name" : "20474",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20474"
"name": "http://www.mayhemiclabs.com/advisories/MHL-2006-002.txt",
"refsource": "MISC",
"url": "http://www.mayhemiclabs.com/advisories/MHL-2006-002.txt"
},
{
"name" : "22365",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22365"
"name": "callcenter-edit-privilege-escalation(29486)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29486"
},
{
"name" : "2389",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2389"
"name": "22365",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22365"
},
{
"name" : "callcenter-edit-privilege-escalation(29486)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29486"
"name": "20474",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20474"
}
]
}

22
2006/7xxx/CVE-2006-7248.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7248",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-7248",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7250, CVE-2012-1410. Reason: this candidate was intended for one issue, but CVE users may have associated it with multiple unrelated issues. Notes: All CVE users should consult CVE-2006-7250 for the OpenSSL candidate or CVE-2012-1410 for the Kadu candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7250, CVE-2012-1410. Reason: this candidate was intended for one issue, but CVE users may have associated it with multiple unrelated issues. Notes: All CVE users should consult CVE-2006-7250 for the OpenSSL candidate or CVE-2012-1410 for the Kadu candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

104
2010/2xxx/CVE-2010-2704.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2704",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-2704",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long HTTP request to nnmrptconfig.exe."
"lang": "eng",
"value": "Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long HTTP request to nnmrptconfig.exe."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20100721 VUPEN Security Research - HP OpenView Network Node Manager \"nnmrptconfig.exe\" Buffer Overflow (CVE-2010-2703)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512543/100/0/threaded"
"name": "ADV-2010-1866",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1866"
},
{
"name" : "HPSBMA02558",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127972286628707&w=2"
"name": "HPSBMA02558",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127972286628707&w=2"
},
{
"name" : "SSRT010158",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127972286628707&w=2"
"name": "41839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41839"
},
{
"name" : "SSRT100158",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127974889107645&w=2"
"name": "SSRT100158",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127974889107645&w=2"
},
{
"name" : "20100727 CVE number confusion in HP OV NNM products",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2010-July/002374.html"
"name": "20100727 CVE number confusion in HP OV NNM products",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2010-July/002374.html"
},
{
"name" : "41839",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41839"
"name": "SSRT010158",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127972286628707&w=2"
},
{
"name" : "40697",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40697"
"name": "40697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40697"
},
{
"name" : "ADV-2010-1866",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1866"
"name": "20100721 VUPEN Security Research - HP OpenView Network Node Manager \"nnmrptconfig.exe\" Buffer Overflow (CVE-2010-2703)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512543/100/0/threaded"
}
]
}

62
2010/2xxx/CVE-2010-2722.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2722",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2722",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to inject arbitrary web script or HTML via the artist_id parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to inject arbitrary web script or HTML via the artist_id parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "40438",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40438"
"name": "40438",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40438"
}
]
}

104
2011/0xxx/CVE-2011-0354.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0354",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-0354",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method."
"lang": "eng",
"value": "The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "16100",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/16100"
"name": "1025017",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025017"
},
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=22314",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=22314"
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22314",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22314"
},
{
"name" : "20110202 Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/ps11422/products_security_advisory09186a0080b69541.shtml"
"name": "8060",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8060"
},
{
"name" : "VU#436854",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/436854"
"name": "46107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46107"
},
{
"name" : "46107",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46107"
"name": "VU#436854",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/436854"
},
{
"name" : "1025017",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025017"
"name": "20110202 Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/ps11422/products_security_advisory09186a0080b69541.shtml"
},
{
"name" : "43158",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43158"
"name": "16100",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/16100"
},
{
"name" : "8060",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8060"
"name": "43158",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43158"
}
]
}

92
2011/0xxx/CVE-2011-0383.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0383",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-0383",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008."
"lang": "eng",
"value": "The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml"
"name": "46519",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46519"
},
{
"name" : "20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml"
"name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml"
},
{
"name" : "46519",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46519"
"name": "1025114",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025114"
},
{
"name" : "1025113",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025113"
"name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml"
},
{
"name" : "1025114",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025114"
"name": "telepresence-java-unauth-access(65602)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65602"
},
{
"name" : "telepresence-java-unauth-access(65602)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65602"
"name": "1025113",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025113"
}
]
}

116
2011/0xxx/CVE-2011-0595.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0595",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-0595",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0600."
"lang": "eng",
"value": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0600."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20110208 ZDI-11-070: Adobe Acrobat Reader U3D Texture .fli RLE Decompression Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516312"
"name": "ADV-2011-0492",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0492"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-070/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-070/"
"name": "43470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43470"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
"name": "RHSA-2011:0301",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html"
},
{
"name" : "RHSA-2011:0301",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0301.html"
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-070/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-070/"
},
{
"name" : "46212",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46212"
"name": "ADV-2011-0337",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name" : "oval:org.mitre.oval:def:12500",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12500"
"name": "1025033",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025033"
},
{
"name" : "1025033",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025033"
"name": "20110208 ZDI-11-070: Adobe Acrobat Reader U3D Texture .fli RLE Decompression Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516312"
},
{
"name" : "43470",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43470"
"name": "oval:org.mitre.oval:def:12500",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12500"
},
{
"name" : "ADV-2011-0337",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0337"
"name": "46212",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46212"
},
{
"name" : "ADV-2011-0492",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0492"
"name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
}
]
}

68
2011/0xxx/CVE-2011-0884.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0884",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-0884",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Fusion Middleware 11.1.1.3.0, 11.1.1.4.0, and 11.1.1.5.0 allows remote authenticated users to affect availability, related to BPEL Console."
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Fusion Middleware 11.1.1.3.0, 11.1.1.4.0, and 11.1.1.5.0 allows remote authenticated users to affect availability, related to BPEL Console."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
"name": "TA11-201A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"name" : "TA11-201A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
}
]
}

104
2011/1xxx/CVE-2011-1144.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1144",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1144",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072."
"lang": "eng",
"value": "The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/02/28/5"
"name": "[oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/02/28/5"
},
{
"name" : "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/01/4"
"name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/01/7"
},
{
"name" : "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/01/5"
"name": "http://pear.php.net/bugs/bug.php?id=18056",
"refsource": "MISC",
"url": "http://pear.php.net/bugs/bug.php?id=18056"
},
{
"name" : "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/01/7"
"name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/01/8"
},
{
"name" : "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/01/8"
"name": "pear-package-symlink(65911)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65911"
},
{
"name" : "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/01/9"
"name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/01/5"
},
{
"name" : "http://pear.php.net/bugs/bug.php?id=18056",
"refsource" : "MISC",
"url" : "http://pear.php.net/bugs/bug.php?id=18056"
"name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/01/4"
},
{
"name" : "pear-package-symlink(65911)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65911"
"name": "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/01/9"
}
]
}

146
2011/1xxx/CVE-2011-1206.json
View File

@ -1,131 +1,131 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1206",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1206",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the server process in ibmslapd.exe in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) allows remote attackers to execute arbitrary code via a crafted LDAP request. NOTE: some of these details are obtained from third party information."
"lang": "eng",
"value": "Stack-based buffer overflow in the server process in ibmslapd.exe in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) allows remote attackers to execute arbitrary code via a crafted LDAP request. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21496117",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21496117"
"name": "http://www.ibm.com/support/docview.wss?uid=swg24029659",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029659"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg24029659",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg24029659"
"name": "44184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44184"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg24029660",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg24029660"
"name": "http://www.ibm.com/support/docview.wss?uid=swg24029660",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029660"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg24029661",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg24029661"
"name": "IO14013",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IO14013"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg24029663",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg24029663"
"name": "http://www.ibm.com/support/docview.wss?uid=swg24029672",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029672"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg24029672",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg24029672"
"name": "ibm-tds-ibmslapd-bo(66711)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66711"
},
{
"name" : "IO14009",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1IO14009"
"name": "IO14045",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IO14045"
},
{
"name" : "IO14010",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1IO14010"
"name": "IO14010",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IO14010"
},
{
"name" : "IO14013",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1IO14013"
"name": "http://www.ibm.com/support/docview.wss?uid=swg24029661",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029661"
},
{
"name" : "IO14045",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1IO14045"
"name": "1025358",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025358"
},
{
"name" : "IO14046",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1IO14046"
"name": "8213",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8213"
},
{
"name" : "1025358",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025358"
"name": "http://www.ibm.com/support/docview.wss?uid=swg21496117",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21496117"
},
{
"name" : "44184",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44184"
"name": "IO14046",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IO14046"
},
{
"name" : "8213",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8213"
"name": "IO14009",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IO14009"
},
{
"name" : "ibm-tds-ibmslapd-bo(66711)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66711"
"name": "http://www.ibm.com/support/docview.wss?uid=swg24029663",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029663"
}
]
}

80
2011/1xxx/CVE-2011-1423.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1423",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2011-1423",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20110429 ESA-2011-015: RSA, The Security Division of EMC, announces a fix for a security vulnerability in RSA Data Loss Prevention",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517763/100/0/threaded"
"name": "20110429 ESA-2011-015: RSA, The Security Division of EMC, announces a fix for a security vulnerability in RSA Data Loss Prevention",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517763/100/0/threaded"
},
{
"name" : "47642",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47642"
"name": "dlp-unspecified-xss(67210)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67210"
},
{
"name" : "8242",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8242"
"name": "8242",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8242"
},
{
"name" : "dlp-unspecified-xss(67210)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67210"
"name": "47642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47642"
}
]
}

86
2011/1xxx/CVE-2011-1509.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1509",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1509",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network."
"lang": "eng",
"value": "The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20110914 CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/519652/100/0/threaded"
"name": "servicedesk-loginjs-security-bypass(69841)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69841"
},
{
"name" : "http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp"
"name": "49636",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49636"
},
{
"name" : "49636",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49636"
"name": "8385",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8385"
},
{
"name" : "8385",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8385"
"name": "http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp"
},
{
"name" : "servicedesk-loginjs-security-bypass(69841)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69841"
"name": "20110914 CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519652/100/0/threaded"
}
]
}

22
2011/1xxx/CVE-2011-1917.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1917",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1917",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

80
2011/3xxx/CVE-2011-3634.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3634",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3634",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors."
"lang": "eng",
"value": "methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3634.html",
"refsource" : "CONFIRM",
"url" : "http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3634.html"
"name": "USN-1283-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1283-1"
},
{
"name" : "https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=apt/apt.git;a=blob;f=debian/changelog;hb=HEAD",
"refsource" : "CONFIRM",
"url" : "https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=apt/apt.git;a=blob;f=debian/changelog;hb=HEAD"
"name": "https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=apt/apt.git;a=blob;f=debian/changelog;hb=HEAD",
"refsource": "CONFIRM",
"url": "https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=apt/apt.git;a=blob;f=debian/changelog;hb=HEAD"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353"
"name": "http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3634.html",
"refsource": "CONFIRM",
"url": "http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3634.html"
},
{
"name" : "USN-1283-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1283-1"
"name": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353"
}
]
}

68
2011/4xxx/CVE-2011-4019.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4019",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-4019",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883."
"lang": "eng",
"value": "Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151TCAVS.html",
"refsource" : "CONFIRM",
"url" : "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151TCAVS.html"
"name": "http://www.cisco.com/web/software/282074295/90289/cucm-readme-715bsu5.pdf",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/web/software/282074295/90289/cucm-readme-715bsu5.pdf"
},
{
"name" : "http://www.cisco.com/web/software/282074295/90289/cucm-readme-715bsu5.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.cisco.com/web/software/282074295/90289/cucm-readme-715bsu5.pdf"
"name": "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151TCAVS.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151TCAVS.html"
}
]
}

62
2011/4xxx/CVE-2011-4256.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4256",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4256",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors."
"lang": "eng",
"value": "The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://service.real.com/realplayer/security/11182011_player/en/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/realplayer/security/11182011_player/en/"
"name": "http://service.real.com/realplayer/security/11182011_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/11182011_player/en/"
}
]
}

80
2011/4xxx/CVE-2011-4308.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4308",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4308",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors."
"lang": "eng",
"value": "mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&s=MDL-28615",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&s=MDL-28615"
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&s=MDL-28615",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&s=MDL-28615"
},
{
"name" : "http://moodle.org/mod/forum/discuss.php?d=188322",
"refsource" : "CONFIRM",
"url" : "http://moodle.org/mod/forum/discuss.php?d=188322"
"name": "http://moodle.org/mod/forum/discuss.php?d=188322",
"refsource": "CONFIRM",
"url": "http://moodle.org/mod/forum/discuss.php?d=188322"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=747444",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=747444"
"name": "DSA-2421",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2421"
},
{
"name" : "DSA-2421",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2421"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=747444",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=747444"
}
]
}

22
2011/4xxx/CVE-2011-4463.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4463",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4463",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2011/4xxx/CVE-2011-4513.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4513",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4513",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader."
"lang": "eng",
"value": "Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
]
}

62
2011/4xxx/CVE-2011-4680.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4680",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4680",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://wiki.vtiger.com/index.php/Jan2011:ODUpdate",
"refsource" : "CONFIRM",
"url" : "http://wiki.vtiger.com/index.php/Jan2011:ODUpdate"
"name": "http://wiki.vtiger.com/index.php/Jan2011:ODUpdate",
"refsource": "CONFIRM",
"url": "http://wiki.vtiger.com/index.php/Jan2011:ODUpdate"
}
]
}

74
2011/5xxx/CVE-2011-5040.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5040",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5040",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to (1) nalozi_naslov.php and (2) widget.dokumenti_lista.php."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to (1) nalozi_naslov.php and (2) widget.dokumenti_lista.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "18259",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18259"
"name": "infoproject-config-xss(71928)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71928"
},
{
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5064.php",
"refsource" : "MISC",
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5064.php"
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5064.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5064.php"
},
{
"name" : "infoproject-config-xss(71928)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71928"
"name": "18259",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18259"
}
]
}

62
2011/5xxx/CVE-2011-5117.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5117",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5117",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials."
"lang": "eng",
"value": "Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.sophos.com/en-us/support/knowledgebase/112655.aspx",
"refsource" : "CONFIRM",
"url" : "http://www.sophos.com/en-us/support/knowledgebase/112655.aspx"
"name": "http://www.sophos.com/en-us/support/knowledgebase/112655.aspx",
"refsource": "CONFIRM",
"url": "http://www.sophos.com/en-us/support/knowledgebase/112655.aspx"
}
]
}

22
2014/2xxx/CVE-2014-2666.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2666",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2666",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

284
2014/3xxx/CVE-2014-3571.json
View File

@ -1,246 +1,246 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3571",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3571",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c."
"lang": "eng",
"value": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b",
"refsource" : "CONFIRM",
"url" : "https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b"
"name": "HPSBOV03318",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142895206924048&w=2"
},
{
"name" : "https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d",
"refsource" : "CONFIRM",
"url" : "https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d"
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name" : "https://www.openssl.org/news/secadv_20150108.txt",
"refsource" : "CONFIRM",
"url" : "https://www.openssl.org/news/secadv_20150108.txt"
"name": "openSUSE-SU-2015:0130",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
},
{
"name" : "https://support.apple.com/HT204659",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204659"
"name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
"name": "HPSBMU03409",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
"name": "71937",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71937"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
"name": "HPSBMU03380",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2"
},
{
"name" : "https://bto.bluecoat.com/security-advisory/sa88",
"refsource" : "CONFIRM",
"url" : "https://bto.bluecoat.com/security-advisory/sa88"
"name": "https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d",
"refsource": "CONFIRM",
"url": "https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10102",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10102"
"name": "FEDORA-2015-0601",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10108",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10108"
"name": "1033378",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033378"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name": "HPSBHF03289",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142721102728110&w=2"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "openSUSE-SU-2016:0640",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name" : "APPLE-SA-2015-04-08-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name" : "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
"name": "https://www.openssl.org/news/secadv_20150108.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv_20150108.txt"
},
{
"name" : "DSA-3125",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3125"
"name": "MDVSA-2015:019",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
},
{
"name" : "FEDORA-2015-0512",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html"
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name" : "FEDORA-2015-0601",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "HPSBUX03244",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142496289803847&w=2"
"name": "RHSA-2015:0066",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
},
{
"name" : "SSRT101885",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142496289803847&w=2"
"name": "HPSBUX03244",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142496289803847&w=2"
},
{
"name" : "HPSBHF03289",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142721102728110&w=2"
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name" : "HPSBMU03380",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=143748090628601&w=2"
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10108",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10108"
},
{
"name" : "HPSBMU03396",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144050205101530&w=2"
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10102",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10102"
},
{
"name" : "HPSBMU03397",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144050297101809&w=2"
"name": "SUSE-SU-2015:0946",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
},
{
"name" : "HPSBMU03409",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144050155601375&w=2"
"name": "HPSBMU03397",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144050297101809&w=2"
},
{
"name" : "HPSBMU03413",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144050254401665&w=2"
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name" : "HPSBOV03318",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142895206924048&w=2"
"name": "HPSBMU03396",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144050205101530&w=2"
},
{
"name" : "HPSBUX03162",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142496179803395&w=2"
"name": "HPSBUX03162",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142496179803395&w=2"
},
{
"name" : "MDVSA-2015:019",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
"name": "MDVSA-2015:062",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
},
{
"name" : "MDVSA-2015:062",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "RHSA-2015:0066",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
"name": "HPSBMU03413",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144050254401665&w=2"
},
{
"name" : "openSUSE-SU-2015:0130",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
"name": "SSRT101885",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142496289803847&w=2"
},
{
"name" : "SUSE-SU-2015:0946",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
"name": "https://bto.bluecoat.com/security-advisory/sa88",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa88"
},
{
"name" : "openSUSE-SU-2016:0640",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
"name": "DSA-3125",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3125"
},
{
"name" : "71937",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71937"
"name": "FEDORA-2015-0512",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html"
},
{
"name" : "1033378",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033378"
"name": "https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b",
"refsource": "CONFIRM",
"url": "https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b"
}
]
}

62
2014/6xxx/CVE-2014-6031.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6031",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6031",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9, 11.5.x before 11.5.2 HF1, and 11.6.0 before HF4, and Enterprise Manager 2.1.0 through 2.3.0 and 3.x before 3.1.1 HF5 allows remote authenticated administrators to cause a denial of service via unspecified vectors."
"lang": "eng",
"value": "Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9, 11.5.x before 11.5.2 HF1, and 11.6.0 before HF4, and Enterprise Manager 2.1.0 through 2.3.0 and 3.x before 3.1.1 HF5 allows remote authenticated administrators to cause a denial of service via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.f5.com/csp/article/K16196",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K16196"
"name": "https://support.f5.com/csp/article/K16196",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K16196"
}
]
}

122
2014/6xxx/CVE-2014-6417.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6417",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6417",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket."
"lang": "eng",
"value": "net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20140915 Re: CVE Request: libceph auth token overflow / Linux kernel",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/09/15/7"
"name": "USN-2377-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2377-1"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c27a3e4d667fdcad3db7b104f75659478e0c68d8",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c27a3e4d667fdcad3db7b104f75659478e0c68d8"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1142072",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1142072"
},
{
"name" : "http://tracker.ceph.com/issues/8979",
"refsource" : "CONFIRM",
"url" : "http://tracker.ceph.com/issues/8979"
"name": "https://github.com/torvalds/linux/commit/c27a3e4d667fdcad3db7b104f75659478e0c68d8",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/c27a3e4d667fdcad3db7b104f75659478e0c68d8"
},
{
"name" : "http://tracker.ceph.com/issues/9560",
"refsource" : "CONFIRM",
"url" : "http://tracker.ceph.com/issues/9560"
"name": "[oss-security] 20140915 Re: CVE Request: libceph auth token overflow / Linux kernel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/15/7"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3"
"name": "USN-2378-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2378-1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1142072",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1142072"
"name": "http://tracker.ceph.com/issues/9560",
"refsource": "CONFIRM",
"url": "http://tracker.ceph.com/issues/9560"
},
{
"name" : "https://github.com/torvalds/linux/commit/c27a3e4d667fdcad3db7b104f75659478e0c68d8",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/c27a3e4d667fdcad3db7b104f75659478e0c68d8"
"name": "http://tracker.ceph.com/issues/8979",
"refsource": "CONFIRM",
"url": "http://tracker.ceph.com/issues/8979"
},
{
"name" : "USN-2376-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2376-1"
"name": "USN-2379-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2379-1"
},
{
"name" : "USN-2377-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2377-1"
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3"
},
{
"name" : "USN-2378-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2378-1"
"name": "USN-2376-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2376-1"
},
{
"name" : "USN-2379-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2379-1"
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c27a3e4d667fdcad3db7b104f75659478e0c68d8",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c27a3e4d667fdcad3db7b104f75659478e0c68d8"
}
]
}

74
2014/6xxx/CVE-2014-6462.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6462",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6462",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.1 and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors related to Admin Console."
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.1 and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors related to Admin Console."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
"name": "70477",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70477"
},
{
"name" : "70477",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70477"
"name": "61767",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61767"
},
{
"name" : "61767",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61767"
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
}
]
}

80
2014/6xxx/CVE-2014-6551.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6551",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6551",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN."
"lang": "eng",
"value": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
"name": "70462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70462"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
"name": "SUSE-SU-2015:0743",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
},
{
"name" : "SUSE-SU-2015:0743",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "70462",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70462"
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}

74
2014/6xxx/CVE-2014-6648.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6648",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6648",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The iPhone4.TW (aka com.tapatalk.iPhone4TWforums) application 3.3.20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The iPhone4.TW (aka com.tapatalk.iPhone4TWforums) application 3.3.20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#758497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/758497"
"name": "VU#758497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/758497"
}
]
}

74
2014/7xxx/CVE-2014-7012.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7012",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7012",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Coffee Inn (aka lt.lemonlabs.android.coffeeinn) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The Coffee Inn (aka lt.lemonlabs.android.coffeeinn) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#366545",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/366545"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "VU#366545",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/366545"
}
]
}

74
2014/7xxx/CVE-2014-7135.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7135",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7135",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Ayuntamiento de Coana (aka com.wInfoCoa) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The Ayuntamiento de Coana (aka com.wInfoCoa) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#732273",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/732273"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#732273",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/732273"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}

74
2014/7xxx/CVE-2014-7708.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7708",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7708",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Raven - The Culture Lover (aka com.booksbyraven) application 1.60 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The Raven - The Culture Lover (aka com.booksbyraven) application 1.60 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#904577",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/904577"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#904577",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/904577"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}

68
2017/0xxx/CVE-2017-0226.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0226",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0226",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Internet Explorer",
"version" : {
"version_data" : [
"product_name": "Internet Explorer",
"version": {
"version_data": [
{
"version_value" : "Windows 8.1 for 32-bit systems, Windows 8.1 for x64-based systems, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1511 for 32-bit Systems, Windows 10 Version 1511 for x64-based Systems, Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, Windows 10 Version 1703 for x64-based Systems, and Windows Server 2016."
"version_value": "Windows 8.1 for 32-bit systems, Windows 8.1 for x64-based systems, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1511 for 32-bit Systems, Windows 10 Version 1511 for x64-based Systems, Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, Windows 10 Version 1703 for x64-based Systems, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0222."
"lang": "eng",
"value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0222."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote Code Execution"
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0226",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0226"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0226",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0226"
},
{
"name" : "98139",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98139"
"name": "98139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98139"
}
]
}

68
2017/0xxx/CVE-2017-0336.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@nvidia.com",
"ID" : "CVE-2017-0336",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2017-0336",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Android",
"version" : {
"version_data" : [
"product_name": "Android",
"version": {
"version_data": [
{
"version_value" : "Kernel-3.18"
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Nvidia Corporation"
"vendor_name": "Nvidia Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.18. Android ID: A-33042679. References: N-CVE-2017-0336."
"lang": "eng",
"value": "An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.18. Android ID: A-33042679. References: N-CVE-2017-0336."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Information Disclosure Vulnerability"
"lang": "eng",
"value": "Information Disclosure Vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2017-03-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-03-01.html"
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name" : "1037968",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037968"
"name": "https://source.android.com/security/bulletin/2017-03-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01.html"
}
]
}

74
2017/0xxx/CVE-2017-0452.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0452",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0452",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Android",
"version" : {
"version_data" : [
"product_name": "Android",
"version": {
"version_data": [
{
"version_value" : "Kernel-3.10"
"version_value": "Kernel-3.10"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
"vendor_name": "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32873615. References: QC-CR#1093693."
"lang": "eng",
"value": "An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32873615. References: QC-CR#1093693."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Information disclosure"
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2017-03-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-03-01"
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name" : "96836",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96836"
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name" : "1037968",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037968"
"name": "96836",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96836"
}
]
}

62
2017/18xxx/CVE-2017-18006.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18006",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18006",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447."
"lang": "eng",
"value": "netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.openbugbounty.org/reports/290447/",
"refsource" : "MISC",
"url" : "https://www.openbugbounty.org/reports/290447/"
"name": "https://www.openbugbounty.org/reports/290447/",
"refsource": "MISC",
"url": "https://www.openbugbounty.org/reports/290447/"
}
]
}

70
2017/18xxx/CVE-2017-18268.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@symantec.com",
"DATE_PUBLIC" : "2018-05-16T00:00:00",
"ID" : "CVE-2017-18268",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-05-16T00:00:00",
"ID": "CVE-2017-18268",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "IntelligenceCenter",
"version" : {
"version_data" : [
"product_name": "IntelligenceCenter",
"version": {
"version_data": [
{
"version_value" : "3.3"
"version_value": "3.3"
}
]
}
}
]
},
"vendor_name" : "Symantec Corporation"
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session."
"lang": "eng",
"value": "Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Information disclosure"
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.symantec.com/security-center/network-protection-security-advisories/SA160",
"refsource" : "CONFIRM",
"url" : "https://www.symantec.com/security-center/network-protection-security-advisories/SA160"
"name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA160",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA160"
},
{
"name" : "104164",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104164"
"name": "104164",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104164"
}
]
}

74
2017/18xxx/CVE-2017-18304.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2017-18304",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-18304",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
"product_name": "Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value" : "FSM9055, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDX20"
"version_value": "FSM9055, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDX20"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Insufficient memory allocation in boot due to incorrect size being passed could result in out of bounds access in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660 and SDX20"
"lang": "eng",
"value": "Insufficient memory allocation in boot due to incorrect size being passed could result in out of bounds access in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660 and SDX20"
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Buffer Over-read in Power"
"lang": "eng",
"value": "Buffer Over-read in Power"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components"
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
"name": "1041432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041432"
},
{
"name" : "1041432",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041432"
"name": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components"
}
]
}

100
2017/1xxx/CVE-2017-1168.json
View File

@ -1,108 +1,108 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-08-09T00:00:00",
"ID" : "CVE-2017-1168",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-09T00:00:00",
"ID": "CVE-2017-1168",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Rational Engineering Lifecycle Manager",
"version" : {
"version_data" : [
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value" : "4.0.3"
"version_value": "4.0.3"
},
{
"version_value" : "4.0.4"
"version_value": "4.0.4"
},
{
"version_value" : "4.0.5"
"version_value": "4.0.5"
},
{
"version_value" : "4.0.6"
"version_value": "4.0.6"
},
{
"version_value" : "5.0"
"version_value": "5.0"
},
{
"version_value" : "4.0.7"
"version_value": "4.0.7"
},
{
"version_value" : "5.0.1"
"version_value": "5.0.1"
},
{
"version_value" : "5.0.2"
"version_value": "5.0.2"
},
{
"version_value" : "6.0"
"version_value": "6.0"
},
{
"version_value" : "6.0.1"
"version_value": "6.0.1"
},
{
"version_value" : "6.0.2"
"version_value": "6.0.2"
},
{
"version_value" : "6.0.3"
"version_value": "6.0.3"
},
{
"version_value" : "6.0.4"
"version_value": "6.0.4"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123187."
"lang": "eng",
"value": "IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123187."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123187",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123187"
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006976",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006976"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22006976",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22006976"
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123187",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123187"
},
{
"name" : "100269",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100269"
"name": "100269",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100269"
}
]
}

70
2017/1xxx/CVE-2017-1291.json
View File

@ -1,69 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1291",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1291",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Maximo Asset Management",
"version" : {
"version_data" : [
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value" : "7.5"
"version_value": "7.5"
},
{
"version_value" : "7.6"
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152."
"lang": "eng",
"value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Gain Access"
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152"
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003413",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003413"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22003413",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22003413"
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152"
}
]
}

120
2017/1xxx/CVE-2017-1350.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-06-01T00:00:00",
"ID" : "CVE-2017-1350",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-06-01T00:00:00",
"ID": "CVE-2017-1350",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "InfoSphere Information Server",
"version" : {
"version_data" : [
"product_name": "InfoSphere Information Server",
"version": {
"version_data": [
{
"version_value" : "9.1"
"version_value": "9.1"
},
{
"version_value" : "11.3"
"version_value": "11.3"
},
{
"version_value" : "11.5"
"version_value": "11.5"
},
{
"version_value" : "11.7"
"version_value": "11.7"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526."
"lang": "eng",
"value": "IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "H",
"AC" : "L",
"AV" : "L",
"C" : "H",
"I" : "H",
"PR" : "N",
"S" : "U",
"SCORE" : "8.400",
"UI" : "N"
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"SCORE": "8.400",
"UI": "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Gain Privileges"
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22005503",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22005503"
"name": "104550",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104550"
},
{
"name" : "104550",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104550"
"name": "ibm-infosphere-cve20171350-priv-escalation(126526)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126526"
},
{
"name" : "1041042",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041042"
"name": "1041042",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041042"
},
{
"name" : "ibm-infosphere-cve20171350-priv-escalation(126526)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126526"
"name": "http://www.ibm.com/support/docview.wss?uid=swg22005503",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005503"
}
]
}

226
2017/1xxx/CVE-2017-1509.json
View File

@ -1,261 +1,261 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-06-28T00:00:00",
"ID" : "CVE-2017-1509",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-06-28T00:00:00",
"ID": "CVE-2017-1509",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Rational Rhapsody Design Manager",
"version" : {
"version_data" : [
"product_name": "Rational Rhapsody Design Manager",
"version": {
"version_data": [
{
"version_value" : "6.0"
"version_value": "6.0"
},
{
"version_value" : "6.0.1"
"version_value": "6.0.1"
},
{
"version_value" : "6.0.2"
"version_value": "6.0.2"
},
{
"version_value" : "6.0.3"
"version_value": "6.0.3"
},
{
"version_value" : "6.0.4"
"version_value": "6.0.4"
},
{
"version_value" : "6.0.5"
"version_value": "6.0.5"
},
{
"version_value" : "5.0.x"
"version_value": "5.0.x"
}
]
}
},
{
"product_name" : "Rational Software Architect Design Manager",
"version" : {
"version_data" : [
"product_name": "Rational Software Architect Design Manager",
"version": {
"version_data": [
{
"version_value" : "6.0"
"version_value": "6.0"
},
{
"version_value" : "6.0.1"
"version_value": "6.0.1"
},
{
"version_value" : "5.0.x"
"version_value": "5.0.x"
}
]
}
},
{
"product_name" : "Rational Team Concert",
"version" : {
"version_data" : [
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value" : "6.0"
"version_value": "6.0"
},
{
"version_value" : "6.0.1"
"version_value": "6.0.1"
},
{
"version_value" : "6.0.2"
"version_value": "6.0.2"
},
{
"version_value" : "6.0.3"
"version_value": "6.0.3"
},
{
"version_value" : "6.0.4"
"version_value": "6.0.4"
},
{
"version_value" : "6.0.5"
"version_value": "6.0.5"
},
{
"version_value" : "5.0.x"
"version_value": "5.0.x"
}
]
}
},
{
"product_name" : "Rational Collaborative Lifecycle Management",
"version" : {
"version_data" : [
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value" : "6.0"
"version_value": "6.0"
},
{
"version_value" : "6.0.1"
"version_value": "6.0.1"
},
{
"version_value" : "6.0.2"
"version_value": "6.0.2"
},
{
"version_value" : "6.0.3"
"version_value": "6.0.3"
},
{
"version_value" : "6.0.4"
"version_value": "6.0.4"
},
{
"version_value" : "6.0.5"
"version_value": "6.0.5"
},
{
"version_value" : "5.0.x"
"version_value": "5.0.x"
}
]
}
},
{
"product_name" : "Rational Engineering Lifecycle Manager",
"version" : {
"version_data" : [
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value" : "6.0"
"version_value": "6.0"
},
{
"version_value" : "6.0.1"
"version_value": "6.0.1"
},
{
"version_value" : "6.0.2"
"version_value": "6.0.2"
},
{
"version_value" : "6.0.3"
"version_value": "6.0.3"
},
{
"version_value" : "6.0.4"
"version_value": "6.0.4"
},
{
"version_value" : "6.0.5"
"version_value": "6.0.5"
},
{
"version_value" : "5.0.x"
"version_value": "5.0.x"
}
]
}
},
{
"product_name" : "Rational DOORS Next Generation",
"version" : {
"version_data" : [
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value" : "6.0"
"version_value": "6.0"
},
{
"version_value" : "6.0.1"
"version_value": "6.0.1"
},
{
"version_value" : "6.0.2"
"version_value": "6.0.2"
},
{
"version_value" : "6.0.3"
"version_value": "6.0.3"
},
{
"version_value" : "6.0.4"
"version_value": "6.0.4"
},
{
"version_value" : "6.0.5"
"version_value": "6.0.5"
},
{
"version_value" : "5.0.x"
"version_value": "5.0.x"
}
]
}
},
{
"product_name" : "Rational Quality Manager",
"version" : {
"version_data" : [
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value" : "6.0"
"version_value": "6.0"
},
{
"version_value" : "6.0.1"
"version_value": "6.0.1"
},
{
"version_value" : "6.0.2"
"version_value": "6.0.2"
},
{
"version_value" : "6.0.3"
"version_value": "6.0.3"
},
{
"version_value" : "6.0.4"
"version_value": "6.0.4"
},
{
"version_value" : "6.0.5"
"version_value": "6.0.5"
},
{
"version_value" : "5.0.x"
"version_value": "5.0.x"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719."
"lang": "eng",
"value": "IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "4.300",
"UI" : "N"
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"SCORE": "4.300",
"UI": "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Obtain Information"
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www-prd-trops.events.ibm.com/node/715709",
"refsource" : "CONFIRM",
"url" : "https://www-prd-trops.events.ibm.com/node/715709"
"name": "ibm-jazz-cve20171509-info-disc(129719)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129719"
},
{
"name" : "ibm-jazz-cve20171509-info-disc(129719)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129719"
"name": "https://www-prd-trops.events.ibm.com/node/715709",
"refsource": "CONFIRM",
"url": "https://www-prd-trops.events.ibm.com/node/715709"
}
]
}

22
2017/1xxx/CVE-2017-1574.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1574",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1574",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

108
2017/1xxx/CVE-2017-1654.json
View File

@ -1,99 +1,99 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-02-26T00:00:00",
"ID" : "CVE-2017-1654",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-26T00:00:00",
"ID": "CVE-2017-1654",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Spectrum Scale",
"version" : {
"version_data" : [
"product_name": "Spectrum Scale",
"version": {
"version_data": [
{
"version_value" : "4.1.1"
"version_value": "4.1.1"
},
{
"version_value" : "4.2.0"
"version_value": "4.2.0"
},
{
"version_value" : "4.2.1"
"version_value": "4.2.1"
},
{
"version_value" : "4.2.2"
"version_value": "4.2.2"
},
{
"version_value" : "4.2.3"
"version_value": "4.2.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378."
"lang": "eng",
"value": "IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "L",
"C" : "L",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "4.000",
"UI" : "N"
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"SCORE": "4.000",
"UI": "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Obtain Information"
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133378",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133378"
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133378",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133378"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1010869",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1010869"
"name": "1040747",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040747"
},
{
"name" : "1040747",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040747"
"name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1010869",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1010869"
}
]
}

92
2017/5xxx/CVE-2017-5125.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5125",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5125",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Google Chrome prior to 62.0.3202.62",
"version" : {
"version_data" : [
"product_name": "Google Chrome prior to 62.0.3202.62",
"version": {
"version_data": [
{
"version_value" : "Google Chrome prior to 62.0.3202.62"
"version_value": "Google Chrome prior to 62.0.3202.62"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
"lang": "eng",
"value": "Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Heap buffer overflow"
"lang": "eng",
"value": "Heap buffer overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html",
"refsource" : "MISC",
"url" : "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html"
"name": "101482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101482"
},
{
"name" : "https://crbug.com/749147",
"refsource" : "MISC",
"url" : "https://crbug.com/749147"
"name": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4020",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4020"
"name": "https://crbug.com/749147",
"refsource": "MISC",
"url": "https://crbug.com/749147"
},
{
"name" : "GLSA-201710-24",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-24"
"name": "DSA-4020",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4020"
},
{
"name" : "RHSA-2017:2997",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2997"
"name": "RHSA-2017:2997",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2997"
},
{
"name" : "101482",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101482"
"name": "GLSA-201710-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-24"
}
]
}

22
2017/5xxx/CVE-2017-5360.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5360",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5360",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2017/5xxx/CVE-2017-5865.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5865",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5865",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts."
"lang": "eng",
"value": "The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://owncloud.org/security/advisory/?id=oc-sa-2017-001",
"refsource" : "CONFIRM",
"url" : "https://owncloud.org/security/advisory/?id=oc-sa-2017-001"
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2017-001",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-001"
},
{
"name" : "96425",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96425"
"name": "96425",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96425"
}
]
}

22
2017/5xxx/CVE-2017-5908.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5908",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-5908",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-3212. Reason: This candidate is a reservation duplicate of CVE-2017-3212. Notes: All CVE users should reference CVE-2017-3212 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-3212. Reason: This candidate is a reservation duplicate of CVE-2017-3212. Notes: All CVE users should reference CVE-2017-3212 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}