admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:56:09 +00:00
parent c63ce1c781
commit 18b6da3ea6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 3288 additions and 3288 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
2006/2xxx/CVE-2006-2913.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2913",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2006-2913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2006-39/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2006-39/advisory/"
},
{
"name" : "18349",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18349"
},
{
"name" : "ADV-2006-2232",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2232"
},
{
"name" : "26248",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26248"
},
{
"name" : "26247",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26247"
},
{
"name" : "20134",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20134"
},
{
"name" : "selectapix-popup-viewalbum-xss(27012)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27012"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2232"
},
{
"name": "20134",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20134"
},
{
"name": "18349",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18349"
},
{
"name": "26248",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26248"
},
{
"name": "26247",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26247"
},
{
"name": "http://secunia.com/secunia_research/2006-39/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-39/advisory/"
},
{
"name": "selectapix-popup-viewalbum-xss(27012)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27012"
}
]
}
}

160
2006/3xxx/CVE-2006-3191.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3191",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 allows remote attackers to inject arbitrary web script or HTML via the pageid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060617 MPCS v0.2 - XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437631/100/0/threaded"
},
{
"name" : "http://tpvgames.co.uk/mpcs/",
"refsource" : "CONFIRM",
"url" : "http://tpvgames.co.uk/mpcs/"
},
{
"name" : "18470",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18470"
},
{
"name" : "1130",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1130"
},
{
"name" : "mpcs-comment-xss(27286)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27286"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 allows remote attackers to inject arbitrary web script or HTML via the pageid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mpcs-comment-xss(27286)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27286"
},
{
"name": "20060617 MPCS v0.2 - XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437631/100/0/threaded"
},
{
"name": "18470",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18470"
},
{
"name": "1130",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1130"
},
{
"name": "http://tpvgames.co.uk/mpcs/",
"refsource": "CONFIRM",
"url": "http://tpvgames.co.uk/mpcs/"
}
]
}
}

170
2006/3xxx/CVE-2006-3662.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3662",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states \"The mentioned SQL injection vulnerability is not possible.\" However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060708 ATutor 1.5.3 Cross Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0096.html"
},
{
"name" : "20060711 Re: ATutor 1.5.3 Cross Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439873/100/100/threaded"
},
{
"name" : "20060721 Re: ATutor 1.5.3 Cross Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440837/100/100/threaded"
},
{
"name" : "18898",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18898"
},
{
"name" : "28188",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28188"
},
{
"name" : "atutor-index-sql-injection(27620)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27620"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states \"The mentioned SQL injection vulnerability is not possible.\" However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "atutor-index-sql-injection(27620)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27620"
},
{
"name": "20060708 ATutor 1.5.3 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0096.html"
},
{
"name": "28188",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28188"
},
{
"name": "18898",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18898"
},
{
"name": "20060721 Re: ATutor 1.5.3 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440837/100/100/threaded"
},
{
"name": "20060711 Re: ATutor 1.5.3 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439873/100/100/threaded"
}
]
}
}

150
2006/3xxx/CVE-2006-3945.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3945",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://browserfun.blogspot.com/2006/07/mobb-26-opera-css-background.html",
"refsource" : "MISC",
"url" : "http://browserfun.blogspot.com/2006/07/mobb-26-opera-css-background.html"
},
{
"name" : "ADV-2006-2987",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2987"
},
{
"name" : "27374",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27374"
},
{
"name" : "opera-dhtml-background-dos(27977)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27977"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "opera-dhtml-background-dos(27977)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27977"
},
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-26-opera-css-background.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-26-opera-css-background.html"
},
{
"name": "27374",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27374"
},
{
"name": "ADV-2006-2987",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2987"
}
]
}
}

180
2006/4xxx/CVE-2006-4051.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4051",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in global.php in Turnkey Web Tools PHP Live Helper 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060804 [ECHO_ADV_42$2006] PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/442219/100/0/threaded"
},
{
"name" : "http://advisories.echo.or.id/adv/adv43-matdhule-2006.txt",
"refsource" : "MISC",
"url" : "http://advisories.echo.or.id/adv/adv43-matdhule-2006.txt"
},
{
"name" : "2120",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2120"
},
{
"name" : "19349",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19349"
},
{
"name" : "ADV-2006-3194",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3194"
},
{
"name" : "1016639",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016639"
},
{
"name" : "1369",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1369"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in global.php in Turnkey Web Tools PHP Live Helper 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3194",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3194"
},
{
"name": "1369",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1369"
},
{
"name": "2120",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2120"
},
{
"name": "http://advisories.echo.or.id/adv/adv43-matdhule-2006.txt",
"refsource": "MISC",
"url": "http://advisories.echo.or.id/adv/adv43-matdhule-2006.txt"
},
{
"name": "20060804 [ECHO_ADV_42$2006] PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442219/100/0/threaded"
},
{
"name": "1016639",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016639"
},
{
"name": "19349",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19349"
}
]
}
}

170
2006/4xxx/CVE-2006-4558.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4558",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060516 DeluxeBB <= v1.06 attachment mod_mime exploit",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-05/0318.html"
},
{
"name" : "http://retrogod.altervista.org/deluxebb_106_xpl.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/deluxebb_106_xpl.html"
},
{
"name" : "ADV-2006-1843",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1843"
},
{
"name" : "20135",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20135"
},
{
"name" : "1492",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1492"
},
{
"name" : "deluxebb-modmime-file-upload(26485)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26485"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1492",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1492"
},
{
"name": "http://retrogod.altervista.org/deluxebb_106_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/deluxebb_106_xpl.html"
},
{
"name": "ADV-2006-1843",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1843"
},
{
"name": "deluxebb-modmime-file-upload(26485)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26485"
},
{
"name": "20135",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20135"
},
{
"name": "20060516 DeluxeBB <= v1.06 attachment mod_mime exploit",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0318.html"
}
]
}
}

170
2006/6xxx/CVE-2006-6209.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6209",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061124 [Aria-Security Team] MidiCart ASP Plus Shopping Cart SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452557/100/0/threaded"
},
{
"name" : "20061124 [Aria-Security Team] MidiCart ASP Shopping Cart SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452573/100/0/threaded"
},
{
"name" : "http://www.aria-security.com/forum/showthread.php?t=42",
"refsource" : "MISC",
"url" : "http://www.aria-security.com/forum/showthread.php?t=42"
},
{
"name" : "21273",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21273"
},
{
"name" : "1947",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1947"
},
{
"name" : "midicart-itemshow-sql-injection(30506)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30506"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.aria-security.com/forum/showthread.php?t=42",
"refsource": "MISC",
"url": "http://www.aria-security.com/forum/showthread.php?t=42"
},
{
"name": "1947",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1947"
},
{
"name": "20061124 [Aria-Security Team] MidiCart ASP Plus Shopping Cart SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452557/100/0/threaded"
},
{
"name": "20061124 [Aria-Security Team] MidiCart ASP Shopping Cart SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452573/100/0/threaded"
},
{
"name": "midicart-itemshow-sql-injection(30506)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30506"
},
{
"name": "21273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21273"
}
]
}
}

140
2006/6xxx/CVE-2006-6329.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6329",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2786",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2786"
},
{
"name" : "22880",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22880"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582"
},
{
"name": "2786",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2786"
},
{
"name": "22880",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22880"
}
]
}
}

160
2006/6xxx/CVE-2006-6371.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6371",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Guest Book allows remote attackers to inject arbitrary web script or HTML via the author parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061204 XSS in JAB Guest Book",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/453482/100/0/threaded"
},
{
"name" : "21429",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21429"
},
{
"name" : "23216",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23216"
},
{
"name" : "1992",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1992"
},
{
"name" : "jabguestbook-pbguestbook-xss(30718)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30718"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Guest Book allows remote attackers to inject arbitrary web script or HTML via the author parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061204 XSS in JAB Guest Book",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453482/100/0/threaded"
},
{
"name": "21429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21429"
},
{
"name": "jabguestbook-pbguestbook-xss(30718)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30718"
},
{
"name": "23216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23216"
},
{
"name": "1992",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1992"
}
]
}
}

170
2006/6xxx/CVE-2006-6375.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6375",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061203 SMF upload XSS vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/453426/100/0/threaded"
},
{
"name" : "21431",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21431"
},
{
"name" : "ADV-2006-4843",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4843"
},
{
"name" : "23175",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23175"
},
{
"name" : "2001",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2001"
},
{
"name" : "smf-display-xss(30659)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30659"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23175",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23175"
},
{
"name": "ADV-2006-4843",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4843"
},
{
"name": "smf-display-xss(30659)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30659"
},
{
"name": "20061203 SMF upload XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453426/100/0/threaded"
},
{
"name": "21431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21431"
},
{
"name": "2001",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2001"
}
]
}
}

130
2006/7xxx/CVE-2006-7026.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7026",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in sources/join.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter, a different vector than CVE-2006-2149."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1730",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1730"
},
{
"name" : "aardvark-lostpw-join-file-include(26189)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26189"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in sources/join.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter, a different vector than CVE-2006-2149."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1730",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1730"
},
{
"name": "aardvark-lostpw-join-file-include(26189)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26189"
}
]
}
}

150
2010/2xxx/CVE-2010-2480.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2480",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.python.org/issue9061",
"refsource" : "MISC",
"url" : "http://bugs.python.org/issue9061"
},
{
"name" : "http://www.makotemplates.org/CHANGES",
"refsource" : "CONFIRM",
"url" : "http://www.makotemplates.org/CHANGES"
},
{
"name" : "SUSE-SR:2010:014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name" : "39935",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39935"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.makotemplates.org/CHANGES",
"refsource": "CONFIRM",
"url": "http://www.makotemplates.org/CHANGES"
},
{
"name": "http://bugs.python.org/issue9061",
"refsource": "MISC",
"url": "http://bugs.python.org/issue9061"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "39935",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39935"
}
]
}
}

150
2010/2xxx/CVE-2010-2944.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2944",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100818 CVE request: zope-ldapuser",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/08/18/3"
},
{
"name" : "[oss-security] 20100819 Re: CVE request: zope-ldapuser",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/08/19/7"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593466",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593466"
},
{
"name" : "41022",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41022"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41022"
},
{
"name": "[oss-security] 20100819 Re: CVE request: zope-ldapuser",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/19/7"
},
{
"name": "[oss-security] 20100818 CVE request: zope-ldapuser",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/18/3"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593466",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593466"
}
]
}
}

150
2011/0xxx/CVE-2011-0022.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0022",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=671199",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=671199"
},
{
"name" : "RHSA-2011:0293",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0293.html"
},
{
"name" : "46489",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46489"
},
{
"name" : "1025102",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025102"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1025102",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025102"
},
{
"name": "RHSA-2011:0293",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0293.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=671199",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=671199"
},
{
"name": "46489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46489"
}
]
}
}

34
2011/0xxx/CVE-2011-0292.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0292",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0292",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2011/0xxx/CVE-2011-0717.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0717",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Session fixation vulnerability in Red Hat Network (RHN) Satellite Server 5.4 allows remote attackers to hijack web sessions via unspecified vectors related to Spacewalk."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=672159",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=672159"
},
{
"name" : "RHSA-2011:0300",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0300.html"
},
{
"name" : "46528",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46528"
},
{
"name" : "1025116",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025116"
},
{
"name" : "43487",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43487"
},
{
"name" : "ADV-2011-0491",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0491"
},
{
"name" : "rhnss-session-hijacking(65658)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65658"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in Red Hat Network (RHN) Satellite Server 5.4 allows remote attackers to hijack web sessions via unspecified vectors related to Spacewalk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46528",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46528"
},
{
"name": "ADV-2011-0491",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0491"
},
{
"name": "RHSA-2011:0300",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0300.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=672159",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=672159"
},
{
"name": "1025116",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025116"
},
{
"name": "rhnss-session-hijacking(65658)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65658"
},
{
"name": "43487",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43487"
}
]
}
}

34
2011/0xxx/CVE-2011-0888.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0888",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0888",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2011/0xxx/CVE-2011-0993.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0993",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "SUSE-SR:2011:007",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html"
},
{
"name" : "slms-cve20110993-info-disc(95697)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95697"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "slms-cve20110993-info-disc(95697)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95697"
},
{
"name": "SUSE-SR:2011:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html"
}
]
}
}

34
2011/1xxx/CVE-2011-1039.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1039",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1039",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2011/1xxx/CVE-2011-1277.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1277",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka \"Excel Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-045",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
},
{
"name" : "48162",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48162"
},
{
"name" : "oval:org.mitre.oval:def:12291",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12291"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka \"Excel Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48162"
},
{
"name": "oval:org.mitre.oval:def:12291",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12291"
},
{
"name": "MS11-045",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
}
]
}
}

200
2011/1xxx/CVE-2011-1728.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1728",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_BAR message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-1728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110429 ZDI-11-144: HP Data Protector Backup Client Service EXEC_BAR Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517764/100/0/threaded"
},
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-11-144/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-11-144/"
},
{
"name" : "HPSBMA02668",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240"
},
{
"name" : "SSRT100474",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240"
},
{
"name" : "47638",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47638"
},
{
"name" : "72187",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/72187"
},
{
"name" : "1025454",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025454"
},
{
"name" : "44402",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44402"
},
{
"name" : "hp-openview-data-code-exec(67201)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67201"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_BAR message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110429 ZDI-11-144: HP Data Protector Backup Client Service EXEC_BAR Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517764/100/0/threaded"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-144/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-144/"
},
{
"name": "47638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47638"
},
{
"name": "hp-openview-data-code-exec(67201)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67201"
},
{
"name": "HPSBMA02668",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240"
},
{
"name": "SSRT100474",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240"
},
{
"name": "44402",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44402"
},
{
"name": "72187",
"refsource": "OSVDB",
"url": "http://osvdb.org/72187"
},
{
"name": "1025454",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025454"
}
]
}
}

220
2011/1xxx/CVE-2011-1748.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1748",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[netdev] 20110420 [PATCH v2] can: add missing socket check in can/raw release",
"refsource" : "MLIST",
"url" : "http://permalink.gmane.org/gmane.linux.network/192974"
},
{
"name" : "[oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/20/7"
},
{
"name" : "[oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/21/1"
},
{
"name" : "[oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/21/2"
},
{
"name" : "[oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/21/7"
},
{
"name" : "[oss-security] 20110422 Re: CVE request: kernel: missing socket check in can/bcm release",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/22/2"
},
{
"name" : "[oss-security] 20110425 Re: CVE request: kernel: missing socket check in can/bcm release",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/25/4"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=10022a6c66e199d8f61d9044543f38785713cbbd",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=10022a6c66e199d8f61d9044543f38785713cbbd"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc6",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc6"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=698057",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=698057"
},
{
"name" : "47835",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47835"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/21/1"
},
{
"name": "[oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/20/7"
},
{
"name": "47835",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47835"
},
{
"name": "[oss-security] 20110425 Re: CVE request: kernel: missing socket check in can/bcm release",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/25/4"
},
{
"name": "[oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/21/7"
},
{
"name": "[netdev] 20110420 [PATCH v2] can: add missing socket check in can/raw release",
"refsource": "MLIST",
"url": "http://permalink.gmane.org/gmane.linux.network/192974"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc6",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc6"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=10022a6c66e199d8f61d9044543f38785713cbbd",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=10022a6c66e199d8f61d9044543f38785713cbbd"
},
{
"name": "[oss-security] 20110422 Re: CVE request: kernel: missing socket check in can/bcm release",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/22/2"
},
{
"name": "[oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/21/2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=698057",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=698057"
}
]
}
}

34
2011/4xxx/CVE-2011-4204.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4204",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4204",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2011/4xxx/CVE-2011-4819.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4819",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2011-4819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21584666",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21584666"
},
{
"name" : "IV09202",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202"
},
{
"name" : "52333",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52333"
},
{
"name" : "48299",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48299"
},
{
"name" : "maximo-uisesionid-xss(72008)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72008"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
},
{
"name": "maximo-uisesionid-xss(72008)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72008"
},
{
"name": "48299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48299"
},
{
"name": "52333",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52333"
},
{
"name": "IV09202",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202"
}
]
}
}

34
2011/4xxx/CVE-2011-4937.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4937",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4937",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2014/2xxx/CVE-2014-2521.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2521",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-2521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140818 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533162/30/0/threaded"
},
{
"name" : "69276",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69276"
},
{
"name" : "1030743",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030743"
},
{
"name" : "60571",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60571"
},
{
"name" : "emc-documentum-cve20142521-info-disc(95370)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95370"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030743",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030743"
},
{
"name": "69276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69276"
},
{
"name": "20140818 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533162/30/0/threaded"
},
{
"name": "60571",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60571"
},
{
"name": "emc-documentum-cve20142521-info-disc(95370)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95370"
}
]
}
}

34
2014/2xxx/CVE-2014-2984.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2984",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2650. Reason: This candidate is a reservation duplicate of CVE-2014-2650. Notes: All CVE users should reference CVE-2014-2650 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-2984",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2650. Reason: This candidate is a reservation duplicate of CVE-2014-2650. Notes: All CVE users should reference CVE-2014-2650 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

140
2014/3xxx/CVE-2014-3069.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681213",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681213"
},
{
"name" : "59688",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59688"
},
{
"name" : "ibm-curam-cve20143069-csrf(94839)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94839"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681213",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681213"
},
{
"name": "59688",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59688"
},
{
"name": "ibm-curam-cve20143069-csrf(94839)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94839"
}
]
}
}

360
2014/3xxx/CVE-2014-3668.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3668",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e",
"refsource" : "CONFIRM",
"url" : "http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e"
},
{
"name" : "http://php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://php.net/ChangeLog-5.php"
},
{
"name" : "https://bugs.php.net/bug.php?id=68027",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=68027"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1154503",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1154503"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-1767.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-1767.html"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-1768.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-1768.html"
},
{
"name" : "https://support.apple.com/HT204659",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204659"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name" : "APPLE-SA-2015-04-08-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name" : "DSA-3064",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3064"
},
{
"name" : "RHSA-2014:1767",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
},
{
"name" : "RHSA-2014:1768",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
},
{
"name" : "RHSA-2014:1765",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name" : "RHSA-2014:1766",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name" : "openSUSE-SU-2014:1377",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
},
{
"name" : "openSUSE-SU-2014:1391",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
},
{
"name" : "openSUSE-SU-2015:0014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
},
{
"name" : "USN-2391-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2391-1"
},
{
"name" : "70666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70666"
},
{
"name" : "59967",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59967"
},
{
"name" : "60630",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60630"
},
{
"name" : "60699",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60699"
},
{
"name" : "61763",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61763"
},
{
"name" : "61970",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61970"
},
{
"name" : "61982",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61982"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59967"
},
{
"name": "openSUSE-SU-2014:1391",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e"
},
{
"name": "RHSA-2014:1767",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
},
{
"name": "USN-2391-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2391-1"
},
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "openSUSE-SU-2014:1377",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
},
{
"name": "61982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61982"
},
{
"name": "61763",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61763"
},
{
"name": "https://bugs.php.net/bug.php?id=68027",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=68027"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1767.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
},
{
"name": "RHSA-2014:1766",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "DSA-3064",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3064"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1768.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
},
{
"name": "70666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70666"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "61970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61970"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1154503",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154503"
},
{
"name": "openSUSE-SU-2015:0014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
},
{
"name": "RHSA-2014:1765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "RHSA-2014:1768",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
},
{
"name": "60699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60699"
},
{
"name": "60630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60630"
}
]
}
}

34
2014/6xxx/CVE-2014-6213.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6213",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6213",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2014/6xxx/CVE-2014-6335.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6335",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Invalid Pointer Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-6335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-069",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069"
},
{
"name" : "70963",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70963"
},
{
"name" : "1031189",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031189"
},
{
"name" : "59867",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59867"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Invalid Pointer Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031189",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031189"
},
{
"name": "MS14-069",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069"
},
{
"name": "59867",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59867"
},
{
"name": "70963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70963"
}
]
}
}

34
2014/6xxx/CVE-2014-6398.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6398",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6398",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2014/6xxx/CVE-2014-6407.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6407",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141124 Docker 1.3.2 - Security Advisory [24 Nov 2014]",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/11/24/5"
},
{
"name" : "https://docs.docker.com/v1.3/release-notes/",
"refsource" : "CONFIRM",
"url" : "https://docs.docker.com/v1.3/release-notes/"
},
{
"name" : "FEDORA-2014-15779",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html"
},
{
"name" : "openSUSE-SU-2014:1596",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html"
},
{
"name" : "60171",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60171"
},
{
"name" : "60241",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60241"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60241"
},
{
"name": "60171",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60171"
},
{
"name": "https://docs.docker.com/v1.3/release-notes/",
"refsource": "CONFIRM",
"url": "https://docs.docker.com/v1.3/release-notes/"
},
{
"name": "openSUSE-SU-2014:1596",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html"
},
{
"name": "FEDORA-2014-15779",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html"
},
{
"name": "[oss-security] 20141124 Docker 1.3.2 - Security Advisory [24 Nov 2014]",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/24/5"
}
]
}
}

140
2014/6xxx/CVE-2014-6969.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6969",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Deltin Suites (aka com.DeltinSuites) application 3.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#130265",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/130265"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Deltin Suites (aka com.DeltinSuites) application 3.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#130265",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/130265"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

34
2014/7xxx/CVE-2014-7014.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7014",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7014",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

140
2014/7xxx/CVE-2014-7017.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7017",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Tim Ban Bon Phuong (aka com.entertaiment.timbanbonphuong) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#760609",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/760609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Tim Ban Bon Phuong (aka com.entertaiment.timbanbonphuong) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#760609",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/760609"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

190
2014/7xxx/CVE-2014-7146.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7146",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141108 CVE-2014-7146: MantisBT XmlImportExport plugin PHP Code Injection Vulnerability",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q4/576"
},
{
"name" : "http://www.mantisbt.org/bugs/view.php?id=17725",
"refsource" : "CONFIRM",
"url" : "http://www.mantisbt.org/bugs/view.php?id=17725"
},
{
"name" : "https://github.com/mantisbt/mantisbt/commit/84017535",
"refsource" : "CONFIRM",
"url" : "https://github.com/mantisbt/mantisbt/commit/84017535"
},
{
"name" : "https://github.com/mantisbt/mantisbt/commit/bed19db9",
"refsource" : "CONFIRM",
"url" : "https://github.com/mantisbt/mantisbt/commit/bed19db9"
},
{
"name" : "DSA-3120",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3120"
},
{
"name" : "70993",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70993"
},
{
"name" : "62101",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62101"
},
{
"name" : "mantisbt-cve20147146-code-exec(98572)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98572"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70993"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=17725",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=17725"
},
{
"name": "https://github.com/mantisbt/mantisbt/commit/bed19db9",
"refsource": "CONFIRM",
"url": "https://github.com/mantisbt/mantisbt/commit/bed19db9"
},
{
"name": "mantisbt-cve20147146-code-exec(98572)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98572"
},
{
"name": "https://github.com/mantisbt/mantisbt/commit/84017535",
"refsource": "CONFIRM",
"url": "https://github.com/mantisbt/mantisbt/commit/84017535"
},
{
"name": "62101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62101"
},
{
"name": "[oss-security] 20141108 CVE-2014-7146: MantisBT XmlImportExport plugin PHP Code Injection Vulnerability",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/576"
},
{
"name": "DSA-3120",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3120"
}
]
}
}

140
2014/7xxx/CVE-2014-7630.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7630",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Fling Gold (aka com.mbgames.fling.gold) application 1.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#542017",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/542017"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Fling Gold (aka com.mbgames.fling.gold) application 1.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#542017",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/542017"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

34
2014/7xxx/CVE-2014-7678.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7678",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7678",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

176
2017/0xxx/CVE-2017-0546.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0546",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-4.4.4"
},
{
"version_value" : "Android-5.0.2"
},
{
"version_value" : "Android-5.1.1"
},
{
"version_value" : "Android-6.0"
},
{
"version_value" : "Android-6.0.1"
},
{
"version_value" : "Android-7.0"
},
{
"version_value" : "Android-7.1.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-4.4.4"
},
{
"version_value": "Android-5.0.2"
},
{
"version_value": "Android-5.1.1"
},
{
"version_value": "Android-6.0"
},
{
"version_value": "Android-6.0.1"
},
{
"version_value": "Android-7.0"
},
{
"version_value": "Android-7.1.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name" : "97341",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97341"
},
{
"name" : "1038201",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038201"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name": "97341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97341"
},
{
"name": "1038201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038201"
}
]
}
}

146
2017/0xxx/CVE-2017-0548.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0548",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-7.0"
},
{
"version_value" : "Android-7.1.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33251605."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-7.0"
},
{
"version_value": "Android-7.1.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name" : "97398",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97398"
},
{
"name" : "1038201",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038201"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33251605."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name": "97398",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97398"
},
{
"name": "1038201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038201"
}
]
}
}

170
2017/1xxx/CVE-2017-1520.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-09-08T00:00:00",
"ID" : "CVE-2017-1520",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DB2 for Linux, UNIX and Windows",
"version" : {
"version_data" : [
{
"version_value" : "10.5"
},
{
"version_value" : "10.1"
},
{
"version_value" : "9.7"
},
{
"version_value" : "11.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Configuration"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-09-08T00:00:00",
"ID": "CVE-2017-1520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux, UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "10.5"
},
{
"version_value": "10.1"
},
{
"version_value": "9.7"
},
{
"version_value": "11.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129830",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129830"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22007186",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22007186"
},
{
"name" : "100684",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100684"
},
{
"name" : "1039308",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039308"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Configuration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039308",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039308"
},
{
"name": "100684",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100684"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129830",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129830"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007186",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007186"
}
]
}
}

34
2017/1xxx/CVE-2017-1537.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1537",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1537",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/1xxx/CVE-2017-1588.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1588",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1588",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

222
2017/1xxx/CVE-2017-1786.json
View File

@ -1,113 +1,113 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-04-17T00:00:00",
"ID" : "CVE-2017-1786",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MQ",
"version" : {
"version_data" : [
{
"version_value" : "8.0"
},
{
"version_value" : "9.0"
},
{
"version_value" : "9.0.1"
},
{
"version_value" : "9.0.0.1"
},
{
"version_value" : "9.0.2"
},
{
"version_value" : "8.0.0.1"
},
{
"version_value" : "8.0.0.2"
},
{
"version_value" : "8.0.0.3"
},
{
"version_value" : "8.0.0.4"
},
{
"version_value" : "8.0.0.5"
},
{
"version_value" : "8.0.0.6"
},
{
"version_value" : "8.0.0.7"
},
{
"version_value" : "9.0.0.2"
},
{
"version_value" : "9.0.3"
},
{
"version_value" : "9.0.4"
},
{
"version_value" : "8.0.0.8"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-04-17T00:00:00",
"ID": "CVE-2017-1786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MQ",
"version": {
"version_data": [
{
"version_value": "8.0"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.2"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.0.6"
},
{
"version_value": "8.0.0.7"
},
{
"version_value": "9.0.0.2"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.4"
},
{
"version_value": "8.0.0.8"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22013023",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22013023"
},
{
"name" : "ibm-websphere-cve20171786-dos(136975)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136975"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22013023",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013023"
},
{
"name": "ibm-websphere-cve20171786-dos(136975)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136975"
}
]
}
}

34
2017/1xxx/CVE-2017-1945.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1945",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1945",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

122
2017/5xxx/CVE-2017-5187.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@microfocus.com",
"DATE_PUBLIC" : "2017-08-19T00:00:00",
"ID" : "CVE-2017-5187",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Micro Focus Enterprise Developer, Micro Focus Enterprise Server",
"version" : {
"version_data" : [
{
"version_value" : "2.3 before 2.3 Update 1, 2.3 Update 1 before Hotfix 8, 2.3 Update 2 before Hotfix 9"
}
]
}
}
]
},
"vendor_name" : "Micro Focus"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Request Forgery (CWE-352) and Remote Code Execution (CWE-78)"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2017-08-19T00:00:00",
"ID": "CVE-2017-5187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus Enterprise Developer, Micro Focus Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2.3 before 2.3 Update 1, 2.3 Update 1 before Hotfix 8, 2.3 Update 2 before Hotfix 9"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017",
"refsource" : "MISC",
"url" : "https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CWE-352) and Remote Code Execution (CWE-78)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017",
"refsource": "MISC",
"url": "https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017"
}
]
}
}

120
2017/5xxx/CVE-2017-5262.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@rapid7.com",
"ID" : "CVE-2017-5262",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "cnPilot",
"version" : {
"version_data" : [
{
"version_value" : "4.3.2-R4 and prior"
}
]
}
}
]
},
"vendor_name" : "Cambium Networks"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200 (Information Exposure)"
}
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "cnPilot",
"version": {
"version_data": [
{
"version_value": "4.3.2-R4 and prior"
}
]
}
}
]
},
"vendor_name": "Cambium Networks"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 (Information Exposure)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/"
}
]
}
}

34
2017/5xxx/CVE-2017-5299.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5299",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5299",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/5xxx/CVE-2017-5306.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5306",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5306",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2017/5xxx/CVE-2017-5911.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5911",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f",
"refsource" : "MISC",
"url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f",
"refsource": "MISC",
"url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
}
]
}
}

140
2017/5xxx/CVE-2017-5925.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5925",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf",
"refsource" : "MISC",
"url" : "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf"
},
{
"name" : "https://www.vusec.net/projects/anc",
"refsource" : "MISC",
"url" : "https://www.vusec.net/projects/anc"
},
{
"name" : "96452",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96452"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96452",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96452"
},
{
"name": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf",
"refsource": "MISC",
"url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf"
},
{
"name": "https://www.vusec.net/projects/anc",
"refsource": "MISC",
"url": "https://www.vusec.net/projects/anc"
}
]
}
}