admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:17:49 +00:00
parent 192fd79f0a
commit 193e4e0b43
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
64 changed files with 4890 additions and 4890 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2006/2xxx/CVE-2006-2006.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2006",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 beta 3 allow remote attackers to write arbitrary files via a ..\\ (dot dot backslash) in a (1) .rar, (2) .tar, (3) .zip, (4) .jar, or (5) .gz archive. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "17664",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17664"
},
{
"name" : "ADV-2006-1488",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1488"
},
{
"name" : "24895",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24895"
},
{
"name" : "19791",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19791"
},
{
"name" : "izarc-extract-directory-traversal(26039)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26039"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 beta 3 allow remote attackers to write arbitrary files via a ..\\ (dot dot backslash) in a (1) .rar, (2) .tar, (3) .zip, (4) .jar, or (5) .gz archive. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24895",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24895"
},
{
"name": "19791",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19791"
},
{
"name": "17664",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17664"
},
{
"name": "ADV-2006-1488",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1488"
},
{
"name": "izarc-extract-directory-traversal(26039)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26039"
}
]
}
}

170
2006/2xxx/CVE-2006-2810.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2810",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered by CVE-2006-1230."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060527 multiple Xss exploits in : vCard 2.9",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/435310/100/0/threaded"
},
{
"name" : "1016183",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016183"
},
{
"name" : "19216",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19216"
},
{
"name" : "1034",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1034"
},
{
"name" : "571",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/571"
},
{
"name" : "vcard-multiple-xss(26838)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26838"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered by CVE-2006-1230."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1034"
},
{
"name": "vcard-multiple-xss(26838)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26838"
},
{
"name": "1016183",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016183"
},
{
"name": "20060527 multiple Xss exploits in : vCard 2.9",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435310/100/0/threaded"
},
{
"name": "19216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19216"
},
{
"name": "571",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/571"
}
]
}
}

270
2006/3xxx/CVE-2006-3011.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3011",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a \"php://\" or other scheme in the third argument, which disables safe mode."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060625 error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2",
"refsource" : "SREASONRES",
"url" : "http://securityreason.com/achievement_securityalert/41"
},
{
"name" : "http://www.php.net/release_5_1_5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/release_5_1_5.php"
},
{
"name" : "MDKSA-2006:122",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
},
{
"name" : "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.9&r2=1.543.2.51.2.10&pathrev=PHP_4_4&diff_format=u",
"refsource" : "CONFIRM",
"url" : "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.9&r2=1.543.2.51.2.10&pathrev=PHP_4_4&diff_format=u"
},
{
"name" : "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?diff_format=u&view=log&pathrev=PHP_4_4",
"refsource" : "CONFIRM",
"url" : "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?diff_format=u&view=log&pathrev=PHP_4_4"
},
{
"name" : "USN-320-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-320-1"
},
{
"name" : "18645",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18645"
},
{
"name" : "ADV-2006-2523",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2523"
},
{
"name" : "26827",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26827"
},
{
"name" : "1016377",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016377"
},
{
"name" : "20818",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20818"
},
{
"name" : "21050",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21050"
},
{
"name" : "21546",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21546"
},
{
"name" : "21125",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21125"
},
{
"name" : "1129",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1129"
},
{
"name" : "php-errorlog-safe-mode-bypass(27414)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27414"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a \"php://\" or other scheme in the third argument, which disables safe mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.php.net/release_5_1_5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/release_5_1_5.php"
},
{
"name": "1016377",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016377"
},
{
"name": "21050",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21050"
},
{
"name": "php-errorlog-safe-mode-bypass(27414)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27414"
},
{
"name": "1129",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1129"
},
{
"name": "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.9&r2=1.543.2.51.2.10&pathrev=PHP_4_4&diff_format=u",
"refsource": "CONFIRM",
"url": "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.9&r2=1.543.2.51.2.10&pathrev=PHP_4_4&diff_format=u"
},
{
"name": "21546",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21546"
},
{
"name": "ADV-2006-2523",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2523"
},
{
"name": "USN-320-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-320-1"
},
{
"name": "MDKSA-2006:122",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
},
{
"name": "21125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21125"
},
{
"name": "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?diff_format=u&view=log&pathrev=PHP_4_4",
"refsource": "CONFIRM",
"url": "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?diff_format=u&view=log&pathrev=PHP_4_4"
},
{
"name": "20818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20818"
},
{
"name": "26827",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26827"
},
{
"name": "18645",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18645"
},
{
"name": "20060625 error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/41"
}
]
}
}

240
2006/3xxx/CVE-2006-3320.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3320",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060627 [Kurdish Security # 11] SiteBar Cross-Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438464/100/0/threaded"
},
{
"name" : "20071018 Serious holes affecting SiteBar 3.3.8",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/482499/100/0/threaded"
},
{
"name" : "http://kurdishsecurity.blogspot.com/2006/06/kurdish-security-11-sitebar-cross-site.html",
"refsource" : "MISC",
"url" : "http://kurdishsecurity.blogspot.com/2006/06/kurdish-security-11-sitebar-cross-site.html"
},
{
"name" : "http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup",
"refsource" : "CONFIRM",
"url" : "http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup"
},
{
"name" : "DSA-1130",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1130"
},
{
"name" : "18680",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18680"
},
{
"name" : "26126",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26126"
},
{
"name" : "ADV-2006-2568",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2568"
},
{
"name" : "26869",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26869"
},
{
"name" : "20841",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20841"
},
{
"name" : "21248",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21248"
},
{
"name" : "1174",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1174"
},
{
"name" : "sitebar-command-xss(27421)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27421"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2568",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2568"
},
{
"name": "20071018 Serious holes affecting SiteBar 3.3.8",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482499/100/0/threaded"
},
{
"name": "1174",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1174"
},
{
"name": "sitebar-command-xss(27421)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27421"
},
{
"name": "DSA-1130",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1130"
},
{
"name": "http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup",
"refsource": "CONFIRM",
"url": "http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup"
},
{
"name": "20060627 [Kurdish Security # 11] SiteBar Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438464/100/0/threaded"
},
{
"name": "26126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26126"
},
{
"name": "http://kurdishsecurity.blogspot.com/2006/06/kurdish-security-11-sitebar-cross-site.html",
"refsource": "MISC",
"url": "http://kurdishsecurity.blogspot.com/2006/06/kurdish-security-11-sitebar-cross-site.html"
},
{
"name": "18680",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18680"
},
{
"name": "21248",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21248"
},
{
"name": "26869",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26869"
},
{
"name": "20841",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20841"
}
]
}
}

200
2006/3xxx/CVE-2006-3884.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3884",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) link_id parameter in a deadlink action. NOTE: this issue can also be used for path disclosure by a forced SQL error, or to modify PHP files using OUTFILE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060725 LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilties",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441087/100/0/threaded"
},
{
"name" : "19149",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19149"
},
{
"name" : "ADV-2006-2983",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2983"
},
{
"name" : "27518",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27518"
},
{
"name" : "1016584",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016584"
},
{
"name" : "21212",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21212"
},
{
"name" : "1287",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1287"
},
{
"name" : "linkscaffe-links-path-disclosure(27962)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27962"
},
{
"name" : "linkscaffe-links-sql-injection(27961)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27961"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) link_id parameter in a deadlink action. NOTE: this issue can also be used for path disclosure by a forced SQL error, or to modify PHP files using OUTFILE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "linkscaffe-links-path-disclosure(27962)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27962"
},
{
"name": "19149",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19149"
},
{
"name": "27518",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27518"
},
{
"name": "21212",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21212"
},
{
"name": "ADV-2006-2983",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2983"
},
{
"name": "20060725 LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilties",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441087/100/0/threaded"
},
{
"name": "1287",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1287"
},
{
"name": "1016584",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016584"
},
{
"name": "linkscaffe-links-sql-injection(27961)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27961"
}
]
}
}

260
2006/4xxx/CVE-2006-4606.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4606",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) id_temas parameter in busqueda_tema.php, the (2) cadena parameter in busqueda.php, the (3) id_autor parameter in autor.php, the (4) email parameter in lista.php, and the (5) id_articulo parameter in articulo.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060902 PHP-Revista Multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445007/100/0/threaded"
},
{
"name" : "20090413 Re: PHP-Revista Multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502637/100/0/threaded"
},
{
"name" : "3538",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3538"
},
{
"name" : "8425",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8425"
},
{
"name" : "20090415 PHP-Revista 1.1.2 (RFI/SQLi/CB/XSS) Multiple Remote Vulnerabilities",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2009-April/002167.html"
},
{
"name" : "23079",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23079"
},
{
"name" : "19818",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19818"
},
{
"name" : "28445",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28445"
},
{
"name" : "28446",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28446"
},
{
"name" : "28447",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28447"
},
{
"name" : "28448",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28448"
},
{
"name" : "28451",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28451"
},
{
"name" : "28452",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28452"
},
{
"name" : "21738",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21738"
},
{
"name" : "1499",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1499"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) id_temas parameter in busqueda_tema.php, the (2) cadena parameter in busqueda.php, the (3) id_autor parameter in autor.php, the (4) email parameter in lista.php, and the (5) id_articulo parameter in articulo.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19818",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19818"
},
{
"name": "8425",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8425"
},
{
"name": "3538",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3538"
},
{
"name": "28452",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28452"
},
{
"name": "28446",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28446"
},
{
"name": "28447",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28447"
},
{
"name": "20090413 Re: PHP-Revista Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502637/100/0/threaded"
},
{
"name": "1499",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1499"
},
{
"name": "28445",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28445"
},
{
"name": "20060902 PHP-Revista Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445007/100/0/threaded"
},
{
"name": "20090415 PHP-Revista 1.1.2 (RFI/SQLi/CB/XSS) Multiple Remote Vulnerabilities",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2009-April/002167.html"
},
{
"name": "28448",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28448"
},
{
"name": "21738",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21738"
},
{
"name": "28451",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28451"
},
{
"name": "23079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23079"
}
]
}
}

200
2006/6xxx/CVE-2006-6514.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6514",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient comparison to determine whether a directory is located below the application's root directory, which allows remote authenticated users to access certain other directories if the name of the root directory is a substring of the name of the target directory, as demonstrated by accessing C:\\folder2 when the root directory is C:\\folder."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061210 Multiple vulnerabilities in Winamp Web Interface 7.5.13",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/454059/100/0/threaded"
},
{
"name" : "20061210 Multiple vulnerabilities in Winamp Web Interface 7.5.13",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051217.html"
},
{
"name" : "http://aluigi.altervista.org/adv/wawix-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/wawix-adv.txt"
},
{
"name" : "21539",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21539"
},
{
"name" : "ADV-2006-4935",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4935"
},
{
"name" : "1017362",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017362"
},
{
"name" : "23292",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23292"
},
{
"name" : "2032",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2032"
},
{
"name" : "winampwi-multiple-information-disclosure(30830)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30830"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient comparison to determine whether a directory is located below the application's root directory, which allows remote authenticated users to access certain other directories if the name of the root directory is a substring of the name of the target directory, as demonstrated by accessing C:\\folder2 when the root directory is C:\\folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061210 Multiple vulnerabilities in Winamp Web Interface 7.5.13",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454059/100/0/threaded"
},
{
"name": "23292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23292"
},
{
"name": "winampwi-multiple-information-disclosure(30830)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30830"
},
{
"name": "1017362",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017362"
},
{
"name": "21539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21539"
},
{
"name": "20061210 Multiple vulnerabilities in Winamp Web Interface 7.5.13",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051217.html"
},
{
"name": "ADV-2006-4935",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4935"
},
{
"name": "2032",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2032"
},
{
"name": "http://aluigi.altervista.org/adv/wawix-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/wawix-adv.txt"
}
]
}
}

150
2006/6xxx/CVE-2006-6645.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6645",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in language/lang_english/lang_admin.php in the Web Links (mx_links) 2.05 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2939",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2939"
},
{
"name" : "21622",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21622"
},
{
"name" : "ADV-2006-5034",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5034"
},
{
"name" : "mxbb-weblinks-lang-file-include(30915)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30915"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in language/lang_english/lang_admin.php in the Web Links (mx_links) 2.05 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21622",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21622"
},
{
"name": "ADV-2006-5034",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5034"
},
{
"name": "mxbb-weblinks-lang-file-include(30915)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30915"
},
{
"name": "2939",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2939"
}
]
}
}

180
2006/6xxx/CVE-2006-6676.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6676",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 Antivirus before 1.1743 allows remote attackers to execute arbitrary code via a crafted (1) .DOC or (2) .CAB file that triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061220 NOD32 Antivirus DOC parsing Arbitrary Code Execution Advisory",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/454949/100/0/threaded"
},
{
"name" : "20061221 NOD32 Antivirus CAB parsing Arbitrary Code Execution Advisory",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455045/100/0/threaded"
},
{
"name" : "http://eset.com/support/updates.php?pageno=63",
"refsource" : "CONFIRM",
"url" : "http://eset.com/support/updates.php?pageno=63"
},
{
"name" : "21682",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21682"
},
{
"name" : "ADV-2006-5095",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5095"
},
{
"name" : "23459",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23459"
},
{
"name" : "2079",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2079"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 Antivirus before 1.1743 allows remote attackers to execute arbitrary code via a crafted (1) .DOC or (2) .CAB file that triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061221 NOD32 Antivirus CAB parsing Arbitrary Code Execution Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455045/100/0/threaded"
},
{
"name": "20061220 NOD32 Antivirus DOC parsing Arbitrary Code Execution Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454949/100/0/threaded"
},
{
"name": "ADV-2006-5095",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5095"
},
{
"name": "2079",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2079"
},
{
"name": "http://eset.com/support/updates.php?pageno=63",
"refsource": "CONFIRM",
"url": "http://eset.com/support/updates.php?pageno=63"
},
{
"name": "23459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23459"
},
{
"name": "21682",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21682"
}
]
}
}

270
2006/6xxx/CVE-2006-6931.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6931",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a \"backtracking attack.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[dailydave] 20070110 Algorithmic Bugs",
"refsource" : "MLIST",
"url" : "http://lists.immunitysec.com/pipermail/dailydave/2007-January/003954.html"
},
{
"name" : "http://www.acsac.org/2006/abstracts/54.html",
"refsource" : "MISC",
"url" : "http://www.acsac.org/2006/abstracts/54.html"
},
{
"name" : "http://www.acsac.org/2006/advance_program.html",
"refsource" : "MISC",
"url" : "http://www.acsac.org/2006/advance_program.html"
},
{
"name" : "http://www.acsac.org/2006/papers/54.pdf",
"refsource" : "MISC",
"url" : "http://www.acsac.org/2006/papers/54.pdf"
},
{
"name" : "http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf",
"refsource" : "MISC",
"url" : "http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf"
},
{
"name" : "http://www.cs.wisc.edu/~smithr/pubs/randy_smith_acsac2006.zip",
"refsource" : "MISC",
"url" : "http://www.cs.wisc.edu/~smithr/pubs/randy_smith_acsac2006.zip"
},
{
"name" : "http://www.snort.org/pub-bin/snortnews.cgi",
"refsource" : "CONFIRM",
"url" : "http://www.snort.org/pub-bin/snortnews.cgi"
},
{
"name" : "GLSA-200702-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200702-03.xml"
},
{
"name" : "MDKSA-2007:051",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:051"
},
{
"name" : "21991",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21991"
},
{
"name" : "32096",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/32096"
},
{
"name" : "1017508",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017508"
},
{
"name" : "23716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23716"
},
{
"name" : "24164",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24164"
},
{
"name" : "24338",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24338"
},
{
"name" : "snort-rule-matching-dos(31430)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31430"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a \"backtracking attack.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21991"
},
{
"name": "http://www.cs.wisc.edu/~smithr/pubs/randy_smith_acsac2006.zip",
"refsource": "MISC",
"url": "http://www.cs.wisc.edu/~smithr/pubs/randy_smith_acsac2006.zip"
},
{
"name": "[dailydave] 20070110 Algorithmic Bugs",
"refsource": "MLIST",
"url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/003954.html"
},
{
"name": "24164",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24164"
},
{
"name": "24338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24338"
},
{
"name": "snort-rule-matching-dos(31430)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31430"
},
{
"name": "32096",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32096"
},
{
"name": "23716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23716"
},
{
"name": "1017508",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017508"
},
{
"name": "GLSA-200702-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200702-03.xml"
},
{
"name": "http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf",
"refsource": "MISC",
"url": "http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf"
},
{
"name": "MDKSA-2007:051",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:051"
},
{
"name": "http://www.acsac.org/2006/advance_program.html",
"refsource": "MISC",
"url": "http://www.acsac.org/2006/advance_program.html"
},
{
"name": "http://www.acsac.org/2006/papers/54.pdf",
"refsource": "MISC",
"url": "http://www.acsac.org/2006/papers/54.pdf"
},
{
"name": "http://www.acsac.org/2006/abstracts/54.html",
"refsource": "MISC",
"url": "http://www.acsac.org/2006/abstracts/54.html"
},
{
"name": "http://www.snort.org/pub-bin/snortnews.cgi",
"refsource": "CONFIRM",
"url": "http://www.snort.org/pub-bin/snortnews.cgi"
}
]
}
}

390
2006/7xxx/CVE-2006-7227.json
View File

@ -1,197 +1,197 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7227",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-7227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://scary.beasts.org/security/CESA-2007-006.html",
"refsource" : "MISC",
"url" : "http://scary.beasts.org/security/CESA-2007-006.html"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=198976",
"refsource" : "MISC",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name" : "http://www.pcre.org/changelog.txt",
"refsource" : "CONFIRM",
"url" : "http://www.pcre.org/changelog.txt"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm"
},
{
"name" : "DSA-1570",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1570"
},
{
"name" : "GLSA-200711-30",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name" : "GLSA-200801-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"name" : "GLSA-200801-18",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name" : "GLSA-200801-19",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name" : "GLSA-200805-11",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name" : "MDVSA-2008:030",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"name" : "RHSA-2007:1052",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-1052.html"
},
{
"name" : "SUSE-SA:2007:062",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"name" : "SUSE-SA:2008:004",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"name" : "26462",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26462"
},
{
"name" : "oval:org.mitre.oval:def:10408",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10408"
},
{
"name" : "27582",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27582"
},
{
"name" : "27741",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27741"
},
{
"name" : "27773",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27773"
},
{
"name" : "27869",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27869"
},
{
"name" : "28406",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28406"
},
{
"name" : "28414",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28414"
},
{
"name" : "28658",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28658"
},
{
"name" : "28714",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28714"
},
{
"name" : "28720",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28720"
},
{
"name" : "30155",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30155"
},
{
"name" : "30219",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30219"
},
{
"name" : "30106",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30106"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30219"
},
{
"name": "GLSA-200711-30",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-30.xml"
},
{
"name": "oval:org.mitre.oval:def:10408",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10408"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm"
},
{
"name": "MDVSA-2008:030",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"name": "DSA-1570",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1570"
},
{
"name": "SUSE-SA:2008:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"name": "28658",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28658"
},
{
"name": "27773",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27773"
},
{
"name": "28406",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28406"
},
{
"name": "26462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26462"
},
{
"name": "GLSA-200805-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-11.xml"
},
{
"name": "RHSA-2007:1052",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1052.html"
},
{
"name": "27741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27741"
},
{
"name": "SUSE-SA:2007:062",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html"
},
{
"name": "http://www.pcre.org/changelog.txt",
"refsource": "CONFIRM",
"url": "http://www.pcre.org/changelog.txt"
},
{
"name": "30155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30155"
},
{
"name": "27869",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27869"
},
{
"name": "28720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28720"
},
{
"name": "GLSA-200801-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-02.xml"
},
{
"name": "27582",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27582"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=198976",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=198976"
},
{
"name": "http://scary.beasts.org/security/CESA-2007-006.html",
"refsource": "MISC",
"url": "http://scary.beasts.org/security/CESA-2007-006.html"
},
{
"name": "GLSA-200801-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-19.xml"
},
{
"name": "GLSA-200801-18",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-18.xml"
},
{
"name": "28414",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28414"
},
{
"name": "30106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30106"
},
{
"name": "28714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28714"
}
]
}
}

150
2010/2xxx/CVE-2010-2922.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2922",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in default.asp in AKY Blog allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14461",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14461"
},
{
"name" : "http://packetstormsecurity.org/1007-exploits/akyblog-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1007-exploits/akyblog-sql.txt"
},
{
"name" : "40746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40746"
},
{
"name" : "akyblog-default-sql-injection(60617)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60617"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in default.asp in AKY Blog allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40746"
},
{
"name": "http://packetstormsecurity.org/1007-exploits/akyblog-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/akyblog-sql.txt"
},
{
"name": "akyblog-default-sql-injection(60617)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60617"
},
{
"name": "14461",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14461"
}
]
}
}

34
2011/0xxx/CVE-2011-0351.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0351",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0351",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

390
2011/0xxx/CVE-2011-0421.json
View File

@ -1,197 +1,197 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0421",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-0421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110318 libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)",
"refsource" : "SREASONRES",
"url" : "http://securityreason.com/achievement_securityalert/96"
},
{
"name" : "20110318 libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517065/100/0/threaded"
},
{
"name" : "17004",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/17004"
},
{
"name" : "http://bugs.php.net/bug.php?id=53885",
"refsource" : "CONFIRM",
"url" : "http://bugs.php.net/bug.php?id=53885"
},
{
"name" : "http://svn.php.net/viewvc/?view=revision&revision=307867",
"refsource" : "CONFIRM",
"url" : "http://svn.php.net/viewvc/?view=revision&revision=307867"
},
{
"name" : "http://www.php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php"
},
{
"name" : "http://www.php.net/archive/2011.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/archive/2011.php"
},
{
"name" : "http://www.php.net/releases/5_3_6.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/releases/5_3_6.php"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=688735",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=688735"
},
{
"name" : "http://support.apple.com/kb/HT5002",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5002"
},
{
"name" : "APPLE-SA-2011-10-12-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name" : "DSA-2266",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2266"
},
{
"name" : "FEDORA-2011-3614",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html"
},
{
"name" : "FEDORA-2011-3636",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html"
},
{
"name" : "FEDORA-2011-3666",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html"
},
{
"name" : "HPSBOV02763",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name" : "SSRT100826",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name" : "MDVSA-2011:052",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:052"
},
{
"name" : "MDVSA-2011:053",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:053"
},
{
"name" : "MDVSA-2011:099",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:099"
},
{
"name" : "SUSE-SR:2011:009",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name" : "46354",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46354"
},
{
"name" : "43621",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43621"
},
{
"name" : "8146",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8146"
},
{
"name" : "ADV-2011-0744",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0744"
},
{
"name" : "ADV-2011-0764",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0764"
},
{
"name" : "ADV-2011-0890",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0890"
},
{
"name" : "libzip-zipnamelocate-dos(66173)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66173"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:099",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:099"
},
{
"name": "HPSBOV02763",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name": "SUSE-SR:2011:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "FEDORA-2011-3636",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html"
},
{
"name": "ADV-2011-0764",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0764"
},
{
"name": "FEDORA-2011-3614",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html"
},
{
"name": "8146",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8146"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=688735",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688735"
},
{
"name": "43621",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43621"
},
{
"name": "MDVSA-2011:053",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:053"
},
{
"name": "DSA-2266",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2266"
},
{
"name": "ADV-2011-0890",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0890"
},
{
"name": "libzip-zipnamelocate-dos(66173)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66173"
},
{
"name": "http://www.php.net/releases/5_3_6.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/releases/5_3_6.php"
},
{
"name": "http://svn.php.net/viewvc/?view=revision&revision=307867",
"refsource": "CONFIRM",
"url": "http://svn.php.net/viewvc/?view=revision&revision=307867"
},
{
"name": "20110318 libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/96"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "http://www.php.net/archive/2011.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/archive/2011.php"
},
{
"name": "SSRT100826",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "20110318 libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517065/100/0/threaded"
},
{
"name": "17004",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17004"
},
{
"name": "FEDORA-2011-3666",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html"
},
{
"name": "MDVSA-2011:052",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:052"
},
{
"name": "ADV-2011-0744",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0744"
},
{
"name": "46354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46354"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "http://bugs.php.net/bug.php?id=53885",
"refsource": "CONFIRM",
"url": "http://bugs.php.net/bug.php?id=53885"
}
]
}
}

170
2011/0xxx/CVE-2011-0439.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0439",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the Pieforms select box."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://mahara.org/interaction/forum/topic.php?id=3205",
"refsource" : "CONFIRM",
"url" : "http://mahara.org/interaction/forum/topic.php?id=3205"
},
{
"name" : "http://mahara.org/interaction/forum/topic.php?id=3208",
"refsource" : "CONFIRM",
"url" : "http://mahara.org/interaction/forum/topic.php?id=3208"
},
{
"name" : "DSA-2206",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2206"
},
{
"name" : "47033",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47033"
},
{
"name" : "43858",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43858"
},
{
"name" : "mahara-pieform-xss(66327)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66327"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the Pieforms select box."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mahara.org/interaction/forum/topic.php?id=3208",
"refsource": "CONFIRM",
"url": "http://mahara.org/interaction/forum/topic.php?id=3208"
},
{
"name": "DSA-2206",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2206"
},
{
"name": "47033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47033"
},
{
"name": "http://mahara.org/interaction/forum/topic.php?id=3205",
"refsource": "CONFIRM",
"url": "http://mahara.org/interaction/forum/topic.php?id=3205"
},
{
"name": "mahara-pieform-xss(66327)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66327"
},
{
"name": "43858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43858"
}
]
}
}

150
2011/0xxx/CVE-2011-0554.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0554",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary code via unspecified vectors, related to a \"code injection issue.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110929_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110929_00"
},
{
"name" : "49742",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49742"
},
{
"name" : "1026130",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1026130"
},
{
"name" : "43157",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43157"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary code via unspecified vectors, related to a \"code injection issue.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49742"
},
{
"name": "1026130",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1026130"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110929_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110929_00"
},
{
"name": "43157",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43157"
}
]
}
}

120
2011/0xxx/CVE-2011-0859.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0859",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Tax Update 11-B and 9.1 Tax Update 11-B allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Global Payroll - North America."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-0859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Tax Update 11-B and 9.1 Tax Update 11-B allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Global Payroll - North America."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}

200
2011/0xxx/CVE-2011-0976.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0976",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 do not properly handle Office Art containers that have invalid records, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PowerPoint document with a container that triggers certain access to an uninitialized object, aka \"OfficeArt Atom RCE Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110207 ZDI-11-044: Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516233/100/0/threaded"
},
{
"name" : "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft",
"refsource" : "MISC",
"url" : "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft"
},
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-11-044/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-11-044/"
},
{
"name" : "MS11-022",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022"
},
{
"name" : "TA11-102A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name" : "oval:org.mitre.oval:def:11978",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11978"
},
{
"name" : "1025340",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025340"
},
{
"name" : "43213",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43213"
},
{
"name" : "ADV-2011-0941",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0941"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 do not properly handle Office Art containers that have invalid records, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PowerPoint document with a container that triggers certain access to an uninitialized object, aka \"OfficeArt Atom RCE Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS11-022",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022"
},
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "oval:org.mitre.oval:def:11978",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11978"
},
{
"name": "1025340",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025340"
},
{
"name": "20110207 ZDI-11-044: Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516233/100/0/threaded"
},
{
"name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-044/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-044/"
},
{
"name": "ADV-2011-0941",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0941"
},
{
"name": "43213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43213"
}
]
}
}

160
2011/1xxx/CVE-2011-1066.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1066",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/1064024",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1064024"
},
{
"name" : "46438",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46438"
},
{
"name" : "70933",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70933"
},
{
"name" : "43385",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43385"
},
{
"name" : "messaging-unspec-xss(65449)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65449"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46438",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46438"
},
{
"name": "messaging-unspec-xss(65449)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65449"
},
{
"name": "http://drupal.org/node/1064024",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1064024"
},
{
"name": "70933",
"refsource": "OSVDB",
"url": "http://osvdb.org/70933"
},
{
"name": "43385",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43385"
}
]
}
}

34
2011/1xxx/CVE-2011-1365.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1365",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1365",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2011/1xxx/CVE-2011-1454.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1454",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the DOM id handling functionality in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=79199",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=79199"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html"
},
{
"name" : "oval:org.mitre.oval:def:14469",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14469"
},
{
"name" : "chrome-domid-code-execution(67160)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67160"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the DOM id handling functionality in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/chromium/issues/detail?id=79199",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=79199"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html"
},
{
"name": "oval:org.mitre.oval:def:14469",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14469"
},
{
"name": "chrome-domid-code-execution(67160)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67160"
}
]
}
}

230
2011/1xxx/CVE-2011-1567.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1567",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, and (6) FileInfo commands in an 0xd opcode; (7) the Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, and (12) Add commands in an RMS report templates (0x7) opcode; and (13) 0x4 command in an STDREP request (0x8) opcode to TCP port 12401."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "17024",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/17024"
},
{
"name" : "http://aluigi.org/adv/igss_2-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.org/adv/igss_2-adv.txt"
},
{
"name" : "http://aluigi.org/adv/igss_3-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.org/adv/igss_3-adv.txt"
},
{
"name" : "http://aluigi.org/adv/igss_4-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.org/adv/igss_4-adv.txt"
},
{
"name" : "http://aluigi.org/adv/igss_5-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.org/adv/igss_5-adv.txt"
},
{
"name" : "http://aluigi.org/adv/igss_7-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.org/adv/igss_7-adv.txt"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf"
},
{
"name" : "46936",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46936"
},
{
"name" : "43849",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43849"
},
{
"name" : "8179",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8179"
},
{
"name" : "8251",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8251"
},
{
"name" : "ADV-2011-0741",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0741"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, and (6) FileInfo commands in an 0xd opcode; (7) the Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, and (12) Add commands in an RMS report templates (0x7) opcode; and (13) 0x4 command in an STDREP request (0x8) opcode to TCP port 12401."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46936"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf"
},
{
"name": "http://aluigi.org/adv/igss_2-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/igss_2-adv.txt"
},
{
"name": "43849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43849"
},
{
"name": "http://aluigi.org/adv/igss_4-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/igss_4-adv.txt"
},
{
"name": "ADV-2011-0741",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0741"
},
{
"name": "17024",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17024"
},
{
"name": "http://aluigi.org/adv/igss_5-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/igss_5-adv.txt"
},
{
"name": "8179",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8179"
},
{
"name": "8251",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8251"
},
{
"name": "http://aluigi.org/adv/igss_3-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/igss_3-adv.txt"
},
{
"name": "http://aluigi.org/adv/igss_7-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/igss_7-adv.txt"
}
]
}
}

150
2011/1xxx/CVE-2011-1801.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1801",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Google Chrome before 11.0.696.71 allows remote attackers to bypass the pop-up blocker via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-1801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=72189",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=72189"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/05/stable-channel-update_24.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/05/stable-channel-update_24.html"
},
{
"name" : "47966",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47966"
},
{
"name" : "oval:org.mitre.oval:def:14474",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14474"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Google Chrome before 11.0.696.71 allows remote attackers to bypass the pop-up blocker via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/chromium/issues/detail?id=72189",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=72189"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/05/stable-channel-update_24.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/05/stable-channel-update_24.html"
},
{
"name": "oval:org.mitre.oval:def:14474",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14474"
},
{
"name": "47966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47966"
}
]
}
}

180
2011/1xxx/CVE-2011-1869.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1869",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka \"DFS Referral Response Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-042",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042"
},
{
"name" : "48187",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48187"
},
{
"name" : "oval:org.mitre.oval:def:12640",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12640"
},
{
"name" : "1025639",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025639"
},
{
"name" : "44894",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44894"
},
{
"name" : "44948",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44948"
},
{
"name" : "ms-win-dfs-dos(67727)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67727"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka \"DFS Referral Response Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1025639",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025639"
},
{
"name": "oval:org.mitre.oval:def:12640",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12640"
},
{
"name": "MS11-042",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042"
},
{
"name": "ms-win-dfs-dos(67727)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67727"
},
{
"name": "44894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44894"
},
{
"name": "44948",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44948"
},
{
"name": "48187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48187"
}
]
}
}

150
2011/3xxx/CVE-2011-3141.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3141",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the InBatch BatchField ActiveX control for Invensys Wonderware InBatch 8.1 SP1, 9.0, and 9.0 SP1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-01.pdf"
},
{
"name" : "http://iom.invensys.com/EN/pdfLibrary/Final.Tech.Alert.141.pdf",
"refsource" : "CONFIRM",
"url" : "http://iom.invensys.com/EN/pdfLibrary/Final.Tech.Alert.141.pdf"
},
{
"name" : "72182",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/72182"
},
{
"name" : "44336",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44336"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the InBatch BatchField ActiveX control for Invensys Wonderware InBatch 8.1 SP1, 9.0, and 9.0 SP1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44336"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-01.pdf"
},
{
"name": "http://iom.invensys.com/EN/pdfLibrary/Final.Tech.Alert.141.pdf",
"refsource": "CONFIRM",
"url": "http://iom.invensys.com/EN/pdfLibrary/Final.Tech.Alert.141.pdf"
},
{
"name": "72182",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/72182"
}
]
}
}

34
2011/4xxx/CVE-2011-4230.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4230",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4230",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2011/4xxx/CVE-2011-4266.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4266",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-4266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.jp/projects/ffftp/wiki/Security",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.jp/projects/ffftp/wiki/Security"
},
{
"name" : "JVN#94002296",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN94002296/index.html"
},
{
"name" : "JVNDB-2011-000104",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000104"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2011-000104",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000104"
},
{
"name": "http://sourceforge.jp/projects/ffftp/wiki/Security",
"refsource": "CONFIRM",
"url": "http://sourceforge.jp/projects/ffftp/wiki/Security"
},
{
"name": "JVN#94002296",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN94002296/index.html"
}
]
}
}

230
2011/4xxx/CVE-2011-4364.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4364",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ffmpeg.org/",
"refsource" : "CONFIRM",
"url" : "http://ffmpeg.org/"
},
{
"name" : "http://git.libav.org/?p=libav.git;a=commit;h=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86",
"refsource" : "CONFIRM",
"url" : "http://git.libav.org/?p=libav.git;a=commit;h=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86"
},
{
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86"
},
{
"name" : "http://libav.org/",
"refsource" : "CONFIRM",
"url" : "http://libav.org/"
},
{
"name" : "http://libav.org/releases/libav-0.5.6.changelog",
"refsource" : "CONFIRM",
"url" : "http://libav.org/releases/libav-0.5.6.changelog"
},
{
"name" : "http://libav.org/releases/libav-0.6.4.changelog",
"refsource" : "CONFIRM",
"url" : "http://libav.org/releases/libav-0.6.4.changelog"
},
{
"name" : "http://libav.org/releases/libav-0.7.3.changelog",
"refsource" : "CONFIRM",
"url" : "http://libav.org/releases/libav-0.7.3.changelog"
},
{
"name" : "MDVSA-2012:074",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:074"
},
{
"name" : "MDVSA-2012:075",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:075"
},
{
"name" : "MDVSA-2012:076",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:076"
},
{
"name" : "USN-1320-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1320-1"
},
{
"name" : "USN-1333-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1333-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86"
},
{
"name": "http://libav.org/releases/libav-0.6.4.changelog",
"refsource": "CONFIRM",
"url": "http://libav.org/releases/libav-0.6.4.changelog"
},
{
"name": "MDVSA-2012:076",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:076"
},
{
"name": "USN-1320-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1320-1"
},
{
"name": "MDVSA-2012:074",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:074"
},
{
"name": "MDVSA-2012:075",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:075"
},
{
"name": "http://ffmpeg.org/",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/"
},
{
"name": "http://libav.org/",
"refsource": "CONFIRM",
"url": "http://libav.org/"
},
{
"name": "USN-1333-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1333-1"
},
{
"name": "http://libav.org/releases/libav-0.5.6.changelog",
"refsource": "CONFIRM",
"url": "http://libav.org/releases/libav-0.5.6.changelog"
},
{
"name": "http://libav.org/releases/libav-0.7.3.changelog",
"refsource": "CONFIRM",
"url": "http://libav.org/releases/libav-0.7.3.changelog"
},
{
"name": "http://git.libav.org/?p=libav.git;a=commit;h=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86",
"refsource": "CONFIRM",
"url": "http://git.libav.org/?p=libav.git;a=commit;h=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86"
}
]
}
}

190
2011/4xxx/CVE-2011-4603.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4603",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.c",
"refsource" : "CONFIRM",
"url" : "http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.c"
},
{
"name" : "http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1",
"refsource" : "CONFIRM",
"url" : "http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1"
},
{
"name" : "http://www.pidgin.im/news/security/?id=59",
"refsource" : "CONFIRM",
"url" : "http://www.pidgin.im/news/security/?id=59"
},
{
"name" : "RHSA-2011:1820",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1820.html"
},
{
"name" : "openSUSE-SU-2012:0066",
"refsource" : "SUSE",
"url" : "https://hermes.opensuse.org/messages/13195955"
},
{
"name" : "51074",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51074"
},
{
"name" : "oval:org.mitre.oval:def:18303",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18303"
},
{
"name" : "47234",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47234"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2011:1820",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1"
},
{
"name": "51074",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51074"
},
{
"name": "openSUSE-SU-2012:0066",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/13195955"
},
{
"name": "oval:org.mitre.oval:def:18303",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18303"
},
{
"name": "http://www.pidgin.im/news/security/?id=59",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/?id=59"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.c",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.c"
},
{
"name": "47234",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47234"
}
]
}
}

160
2011/4xxx/CVE-2011-4960.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4960",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name" : "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name" : "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12",
"refsource" : "CONFIRM",
"url" : "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12"
},
{
"name" : "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6",
"refsource" : "CONFIRM",
"url" : "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
},
{
"name" : "https://github.com/silverstripe/sapphire/commit/fef7c32",
"refsource" : "CONFIRM",
"url" : "https://github.com/silverstripe/sapphire/commit/fef7c32"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/silverstripe/sapphire/commit/fef7c32",
"refsource": "CONFIRM",
"url": "https://github.com/silverstripe/sapphire/commit/fef7c32"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12"
},
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
}
]
}
}

160
2011/5xxx/CVE-2011-5278.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5278",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in signature.php in Advanced Forum Signatures plugin (aka afsignatures) 2.0.4 for MyBB allows remote attackers to execute arbitrary SQL commands via the afs_bar_right parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "17961",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/17961"
},
{
"name" : "50051",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50051/info"
},
{
"name" : "76295",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/76295"
},
{
"name" : "46352",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46352"
},
{
"name" : "mybbafs-signature-sql-injection(70473)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70473"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in signature.php in Advanced Forum Signatures plugin (aka afsignatures) 2.0.4 for MyBB allows remote attackers to execute arbitrary SQL commands via the afs_bar_right parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mybbafs-signature-sql-injection(70473)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70473"
},
{
"name": "17961",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17961"
},
{
"name": "46352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46352"
},
{
"name": "76295",
"refsource": "OSVDB",
"url": "http://osvdb.org/76295"
},
{
"name": "50051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50051/info"
}
]
}
}

34
2013/5xxx/CVE-2013-5297.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5297",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5297",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2013/5xxx/CVE-2013-5710.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5710",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance to a file in a different instance."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://svnweb.freebsd.org/base?view=revision&revision=255442",
"refsource" : "CONFIRM",
"url" : "http://svnweb.freebsd.org/base?view=revision&revision=255442"
},
{
"name" : "DSA-2769",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2769"
},
{
"name" : "FreeBSD-SA-13:13",
"refsource" : "FREEBSD",
"url" : "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:13.nullfs.asc"
},
{
"name" : "1029015",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029015"
},
{
"name" : "54861",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54861"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance to a file in a different instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54861",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54861"
},
{
"name": "1029015",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029015"
},
{
"name": "DSA-2769",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2769"
},
{
"name": "FreeBSD-SA-13:13",
"refsource": "FREEBSD",
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:13.nullfs.asc"
},
{
"name": "http://svnweb.freebsd.org/base?view=revision&revision=255442",
"refsource": "CONFIRM",
"url": "http://svnweb.freebsd.org/base?view=revision&revision=255442"
}
]
}
}

170
2014/2xxx/CVE-2014-2008.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2008",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "34586",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/34586"
},
{
"name" : "20140903 Mpay24 prestashop payment module multiple vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Sep/23"
},
{
"name" : "http://packetstormsecurity.com/files/128136/Mpay24-Payment-Module-1.5-Information-Disclosure-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128136/Mpay24-Payment-Module-1.5-Information-Disclosure-SQL-Injection.html"
},
{
"name" : "69560",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69560"
},
{
"name" : "110737",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/110737"
},
{
"name" : "mpay24-cve20142008-sql-injection(95720)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95720"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128136/Mpay24-Payment-Module-1.5-Information-Disclosure-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128136/Mpay24-Payment-Module-1.5-Information-Disclosure-SQL-Injection.html"
},
{
"name": "34586",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34586"
},
{
"name": "20140903 Mpay24 prestashop payment module multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Sep/23"
},
{
"name": "110737",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/110737"
},
{
"name": "mpay24-cve20142008-sql-injection(95720)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95720"
},
{
"name": "69560",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69560"
}
]
}
}

120
2014/2xxx/CVE-2014-2126.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2126",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to gain privileges by leveraging level-0 ASDM access, aka Bug ID CSCuj33496."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140409 Multiple Vulnerabilities in Cisco ASA Software",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to gain privileges by leveraging level-0 ASDM access, aka Bug ID CSCuj33496."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140409 Multiple Vulnerabilities in Cisco ASA Software",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa"
}
]
}
}

120
2014/2xxx/CVE-2014-2165.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2165",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtq72699."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtq72699."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte"
}
]
}
}

130
2014/2xxx/CVE-2014-2603.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2603",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and 8Gb Simple SAN Connection Kit with firmware before 8.0.14.08.00 allows remote authenticated users to obtain sensitive information via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2014-2603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBST03038",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04277407"
},
{
"name" : "SSRT101555",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04277407"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and 8Gb Simple SAN Connection Kit with firmware before 8.0.14.08.00 allows remote authenticated users to obtain sensitive information via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101555",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04277407"
},
{
"name": "HPSBST03038",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04277407"
}
]
}
}

34
2014/2xxx/CVE-2014-2914.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2914",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2914",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/3xxx/CVE-2014-3897.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3897",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlMailer 3.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-3897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.din.or.jp/~hideyuki/home/cgi/mailer.html",
"refsource" : "CONFIRM",
"url" : "http://www.din.or.jp/~hideyuki/home/cgi/mailer.html"
},
{
"name" : "JVN#85748534",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN85748534/index.html"
},
{
"name" : "JVNDB-2014-000088",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000088"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlMailer 3.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000088",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000088"
},
{
"name": "http://www.din.or.jp/~hideyuki/home/cgi/mailer.html",
"refsource": "CONFIRM",
"url": "http://www.din.or.jp/~hideyuki/home/cgi/mailer.html"
},
{
"name": "JVN#85748534",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85748534/index.html"
}
]
}
}

34
2014/6xxx/CVE-2014-6320.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6320",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-6320",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

130
2014/6xxx/CVE-2014-6450.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6450",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 12.3X50 before 12.3X50-D42, 13.1 before 13.1R4-S3, 13.1X49 before 13.1X49-D42, 13.1X50 before 13.1X50-D30, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D26, 13.2X52 before 13.2X52-D15, 13.3 before 13.3R3-S3, 14.1 before 14.1R3, 14.2 before 14.2R1, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10, when configured for IPv6, allow remote attackers to cause a denial of service (mbuf chain corruption and kernel panic) via crafted IPv6 packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10699",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10699"
},
{
"name" : "1033855",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033855"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 12.3X50 before 12.3X50-D42, 13.1 before 13.1R4-S3, 13.1X49 before 13.1X49-D42, 13.1X50 before 13.1X50-D30, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D26, 13.2X52 before 13.2X52-D15, 13.3 before 13.3R3-S3, 14.1 before 14.1R3, 14.2 before 14.2R1, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10, when configured for IPv6, allow remote attackers to cause a denial of service (mbuf chain corruption and kernel panic) via crafted IPv6 packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10699",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10699"
},
{
"name": "1033855",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033855"
}
]
}
}

130
2014/6xxx/CVE-2014-6528.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6528",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Siebel Core - System Management component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Server Infrastructure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "1031578",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031578"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Siebel Core - System Management component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Server Infrastructure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "1031578",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031578"
}
]
}
}

140
2014/6xxx/CVE-2014-6677.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6677",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Ticket Round Up (aka com.xcr.android.ticketroundupapp) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#143641",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/143641"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ticket Round Up (aka com.xcr.android.ticketroundupapp) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#143641",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/143641"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6797.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6797",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Abu Ali Anasheeds (aka com.faapps.abuali_anasheeds) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#389425",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/389425"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Abu Ali Anasheeds (aka com.faapps.abuali_anasheeds) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#389425",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/389425"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6804.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6804",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Deschutes Public MobileLibrary (aka com.bredir.boopsie.deschutes) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#959401",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/959401"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Deschutes Public MobileLibrary (aka com.bredir.boopsie.deschutes) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#959401",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/959401"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7111.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7111",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Android Excellence (aka an.exc.ap) application 1.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#601857",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/601857"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Android Excellence (aka an.exc.ap) application 1.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#601857",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/601857"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

150
2014/7xxx/CVE-2014-7290.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7290",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) Action or (2) Form parameter to aeon.dll."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141114 CVE-2014-7290 Atlas Systems Aeon XSS (Cross-Site Scripting) Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Nov/32"
},
{
"name" : "http://packetstormsecurity.com/files/129114/Atlas-Systems-Aeon-3.5-3.6-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129114/Atlas-Systems-Aeon-3.5-3.6-Cross-Site-Scripting.html"
},
{
"name" : "http://tetraph.com/security/xss-vulnerability/cve-2014-7290-atlas-systems-aeon-xss-cross-site-scripting-vulnerability/",
"refsource" : "MISC",
"url" : "http://tetraph.com/security/xss-vulnerability/cve-2014-7290-atlas-systems-aeon-xss-cross-site-scripting-vulnerability/"
},
{
"name" : "atlassystemsaeon-cve20147290-xss(98705)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98705"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) Action or (2) Form parameter to aeon.dll."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129114/Atlas-Systems-Aeon-3.5-3.6-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129114/Atlas-Systems-Aeon-3.5-3.6-Cross-Site-Scripting.html"
},
{
"name": "http://tetraph.com/security/xss-vulnerability/cve-2014-7290-atlas-systems-aeon-xss-cross-site-scripting-vulnerability/",
"refsource": "MISC",
"url": "http://tetraph.com/security/xss-vulnerability/cve-2014-7290-atlas-systems-aeon-xss-cross-site-scripting-vulnerability/"
},
{
"name": "20141114 CVE-2014-7290 Atlas Systems Aeon XSS (Cross-Site Scripting) Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/32"
},
{
"name": "atlassystemsaeon-cve20147290-xss(98705)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98705"
}
]
}
}

140
2014/7xxx/CVE-2014-7354.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7354",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Penumbra eMag (aka com.magzter.penumbraemag) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#949985",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/949985"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Penumbra eMag (aka com.magzter.penumbraemag) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#949985",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/949985"
}
]
}
}

140
2014/7xxx/CVE-2014-7372.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7372",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Mr.Sausage (aka com.app_mrsausage.layout) application 1.301 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#448913",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/448913"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Mr.Sausage (aka com.app_mrsausage.layout) application 1.301 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#448913",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/448913"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7413.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7413",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Rajendra Suriji (aka com.rajendrasuriji.nakodabhairav.com) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#716785",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/716785"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rajendra Suriji (aka com.rajendrasuriji.nakodabhairav.com) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#716785",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/716785"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

190
2014/7xxx/CVE-2014-7862.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7862",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141231 [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534356/100/0/threaded"
},
{
"name" : "20150102 [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jan/2"
},
{
"name" : "http://packetstormsecurity.com/files/129769/Desktop-Central-Add-Administrator.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129769/Desktop-Central-Add-Administrator.html"
},
{
"name" : "https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt",
"refsource" : "MISC",
"url" : "https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt"
},
{
"name" : "https://www.rapid7.com/db/modules/auxiliary/admin/http/manage_engine_dc_create_admin",
"refsource" : "MISC",
"url" : "https://www.rapid7.com/db/modules/auxiliary/admin/http/manage_engine_dc_create_admin"
},
{
"name" : "https://www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-creation.html",
"refsource" : "CONFIRM",
"url" : "https://www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-creation.html"
},
{
"name" : "71849",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71849"
},
{
"name" : "desktopcentral-cve20147862-sec-bypass(99595)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99595"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129769/Desktop-Central-Add-Administrator.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129769/Desktop-Central-Add-Administrator.html"
},
{
"name": "https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt",
"refsource": "MISC",
"url": "https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt"
},
{
"name": "71849",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71849"
},
{
"name": "20141231 [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534356/100/0/threaded"
},
{
"name": "desktopcentral-cve20147862-sec-bypass(99595)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99595"
},
{
"name": "https://www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-creation.html",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-creation.html"
},
{
"name": "https://www.rapid7.com/db/modules/auxiliary/admin/http/manage_engine_dc_create_admin",
"refsource": "MISC",
"url": "https://www.rapid7.com/db/modules/auxiliary/admin/http/manage_engine_dc_create_admin"
},
{
"name": "20150102 [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/2"
}
]
}
}

34
2017/0xxx/CVE-2017-0044.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-0044",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-0044",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/0xxx/CVE-2017-0141.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0141",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Browser",
"version" : {
"version_data" : [
{
"version_value" : "Browser"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0150, and CVE-2017-0151."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Browser",
"version": {
"version_data": [
{
"version_value": "Browser"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0141",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0141"
},
{
"name" : "96685",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96685"
},
{
"name" : "1038006",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038006"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0150, and CVE-2017-0151."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0141",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0141"
},
{
"name": "96685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96685"
},
{
"name": "1038006",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038006"
}
]
}
}

150
2017/0xxx/CVE-2017-0380.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@debian.org",
"ID" : "CVE-2017-0380",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Tor before 0.3.1.7",
"version" : {
"version_data" : [
{
"version_value" : "Tor before 0.3.1.7"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "use of uninitialized stack data"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2017-0380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tor before 0.3.1.7",
"version": {
"version_data": [
{
"version_value": "Tor before 0.3.1.7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/torproject/tor/commit/09ea89764a4d3a907808ed7d4fe42abfe64bd486",
"refsource" : "CONFIRM",
"url" : "https://github.com/torproject/tor/commit/09ea89764a4d3a907808ed7d4fe42abfe64bd486"
},
{
"name" : "https://trac.torproject.org/projects/tor/ticket/23490",
"refsource" : "CONFIRM",
"url" : "https://trac.torproject.org/projects/tor/ticket/23490"
},
{
"name" : "DSA-3993",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3993"
},
{
"name" : "1039519",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039519"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "use of uninitialized stack data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trac.torproject.org/projects/tor/ticket/23490",
"refsource": "CONFIRM",
"url": "https://trac.torproject.org/projects/tor/ticket/23490"
},
{
"name": "https://github.com/torproject/tor/commit/09ea89764a4d3a907808ed7d4fe42abfe64bd486",
"refsource": "CONFIRM",
"url": "https://github.com/torproject/tor/commit/09ea89764a4d3a907808ed7d4fe42abfe64bd486"
},
{
"name": "1039519",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039519"
},
{
"name": "DSA-3993",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3993"
}
]
}
}

142
2017/0xxx/CVE-2017-0869.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2018-01-02T00:00:00",
"ID" : "CVE-2017-0869",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "NA"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-01-02T00:00:00",
"ID": "CVE-2017-0869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "NA"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-01-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name" : "102374",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102374"
},
{
"name" : "1040106",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040106"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name": "102374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102374"
},
{
"name": "1040106",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040106"
}
]
}
}

130
2017/0xxx/CVE-2017-0885.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"ID" : "CVE-2017-0885",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Nextcloud Server",
"version" : {
"version_data" : [
{
"version_value" : "All versions before 9.0.55 and 10.0.2"
}
]
}
}
]
},
"vendor_name" : "Nextcloud"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Exposure Through an Error Message (CWE-209)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2017-0885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Server",
"version": {
"version_data": [
{
"version_value": "All versions before 9.0.55 and 10.0.2"
}
]
}
}
]
},
"vendor_name": "Nextcloud"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hackerone.com/reports/174524",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/174524"
},
{
"name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2017-003",
"refsource" : "CONFIRM",
"url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2017-003"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure Through an Error Message (CWE-209)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-003",
"refsource": "CONFIRM",
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-003"
},
{
"name": "https://hackerone.com/reports/174524",
"refsource": "MISC",
"url": "https://hackerone.com/reports/174524"
}
]
}
}

150
2017/18xxx/CVE-2017-18015.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18015",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://packetstormsecurity.com/files/145464/WordPress-Share-This-Image-1.03-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/145464/WordPress-Share-This-Image-1.03-Cross-Site-Scripting.html"
},
{
"name" : "https://wordpress.org/plugins/share-this-image/#developers",
"refsource" : "MISC",
"url" : "https://wordpress.org/plugins/share-this-image/#developers"
},
{
"name" : "https://wordpress.org/support/topic/share-this-image-1-03-cross-site-scripting/",
"refsource" : "MISC",
"url" : "https://wordpress.org/support/topic/share-this-image-1-03-cross-site-scripting/"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8991",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8991"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8991",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8991"
},
{
"name": "https://wordpress.org/support/topic/share-this-image-1-03-cross-site-scripting/",
"refsource": "MISC",
"url": "https://wordpress.org/support/topic/share-this-image-1-03-cross-site-scripting/"
},
{
"name": "https://wordpress.org/plugins/share-this-image/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/share-this-image/#developers"
},
{
"name": "https://packetstormsecurity.com/files/145464/WordPress-Share-This-Image-1.03-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/145464/WordPress-Share-This-Image-1.03-Cross-Site-Scripting.html"
}
]
}
}

34
2017/1xxx/CVE-2017-1432.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1432",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1432",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

274
2017/1xxx/CVE-2017-1531.json
View File

@ -1,139 +1,139 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-09-22T00:00:00",
"ID" : "CVE-2017-1531",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Business Process Manager Advanced",
"version" : {
"version_data" : [
{
"version_value" : "7.5"
},
{
"version_value" : "7.5.0.1"
},
{
"version_value" : "7.5.1"
},
{
"version_value" : "7.5.1.1"
},
{
"version_value" : "7.5.1.2"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.0.1"
},
{
"version_value" : "8.0.1.1"
},
{
"version_value" : "8.0.1.2"
},
{
"version_value" : "8.5"
},
{
"version_value" : "8.5.0.1"
},
{
"version_value" : "8.5.5"
},
{
"version_value" : "8.0.1.3"
},
{
"version_value" : "8.5.6"
},
{
"version_value" : "8.5.0.2"
},
{
"version_value" : "8.5.7"
},
{
"version_value" : "8.5.7.CF201609"
},
{
"version_value" : "8.5.6.1"
},
{
"version_value" : "8.5.6.2"
},
{
"version_value" : "8.5.7.CF201606"
},
{
"version_value" : "8.5.7.CF201612"
},
{
"version_value" : "8.5.7.CF201703"
},
{
"version_value" : "8.5.7.CF201706"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-09-22T00:00:00",
"ID": "CVE-2017-1531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Business Process Manager Advanced",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "7.5.0.1"
},
{
"version_value": "7.5.1"
},
{
"version_value": "7.5.1.1"
},
{
"version_value": "7.5.1.2"
},
{
"version_value": "8.0"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.5"
},
{
"version_value": "8.5.0.1"
},
{
"version_value": "8.5.5"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.5.6"
},
{
"version_value": "8.5.0.2"
},
{
"version_value": "8.5.7"
},
{
"version_value": "8.5.7.CF201609"
},
{
"version_value": "8.5.6.1"
},
{
"version_value": "8.5.6.2"
},
{
"version_value": "8.5.7.CF201606"
},
{
"version_value": "8.5.7.CF201612"
},
{
"version_value": "8.5.7.CF201703"
},
{
"version_value": "8.5.7.CF201706"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130410",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130410"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22007354",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22007354"
},
{
"name" : "100963",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100963"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100963"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130410",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130410"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007354",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007354"
}
]
}
}

34
2017/5xxx/CVE-2017-5292.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5292",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5292",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/5xxx/CVE-2017-5312.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5312",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5312",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2017/5xxx/CVE-2017-5701.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2017-10-06T00:00:00",
"ID" : "CVE-2017-5701",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NUC Kits",
"version" : {
"version_data" : [
{
"version_value" : "BN0049 and below"
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2017-10-06T00:00:00",
"ID": "CVE-2017-5701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NUC Kits",
"version": {
"version_data": [
{
"version_value": "BN0049 and below"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr",
"refsource" : "CONFIRM",
"url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr"
},
{
"name" : "101257",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101257"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr"
},
{
"name": "101257",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101257"
}
]
}
}

182
2017/5xxx/CVE-2017-5708.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2017-11-20T00:00:00",
"ID" : "CVE-2017-5708",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Manageability Engine",
"version" : {
"version_data" : [
{
"version_value" : "11.0/11.5/11.6/11.7/11.10/11.20"
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2017-11-20T00:00:00",
"ID": "CVE-2017-5708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Manageability Engine",
"version": {
"version_data": [
{
"version_value": "11.0/11.5/11.6/11.7/11.10/11.20"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr",
"refsource" : "CONFIRM",
"url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20171120-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20171120-0001/"
},
{
"name" : "https://www.asus.com/News/wzeltG5CjYaIwGJ0",
"refsource" : "CONFIRM",
"url" : "https://www.asus.com/News/wzeltG5CjYaIwGJ0"
},
{
"name" : "https://www.synology.com/support/security/Synology_SA_17_73",
"refsource" : "CONFIRM",
"url" : "https://www.synology.com/support/security/Synology_SA_17_73"
},
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf"
},
{
"name" : "101921",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101921"
},
{
"name" : "1039852",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039852"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101921",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101921"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171120-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171120-0001/"
},
{
"name": "1039852",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039852"
},
{
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_17_73",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_17_73"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf"
},
{
"name": "https://www.asus.com/News/wzeltG5CjYaIwGJ0",
"refsource": "CONFIRM",
"url": "https://www.asus.com/News/wzeltG5CjYaIwGJ0"
}
]
}
}

150
2017/5xxx/CVE-2017-5999.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5999",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help an attacker to create unknown havoc in the remote system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://cxsecurity.com/issue/WLB-2017020196",
"refsource" : "MISC",
"url" : "https://cxsecurity.com/issue/WLB-2017020196"
},
{
"name" : "https://github.com/nuxsmin/sysPass/commit/a0e2c485e53b370a7cc6d833e192c3c5bfd70e1f",
"refsource" : "CONFIRM",
"url" : "https://github.com/nuxsmin/sysPass/commit/a0e2c485e53b370a7cc6d833e192c3c5bfd70e1f"
},
{
"name" : "https://github.com/nuxsmin/sysPass/releases/tag/2.1.0.17022601",
"refsource" : "CONFIRM",
"url" : "https://github.com/nuxsmin/sysPass/releases/tag/2.1.0.17022601"
},
{
"name" : "96562",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96562"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help an attacker to create unknown havoc in the remote system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cxsecurity.com/issue/WLB-2017020196",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2017020196"
},
{
"name": "https://github.com/nuxsmin/sysPass/commit/a0e2c485e53b370a7cc6d833e192c3c5bfd70e1f",
"refsource": "CONFIRM",
"url": "https://github.com/nuxsmin/sysPass/commit/a0e2c485e53b370a7cc6d833e192c3c5bfd70e1f"
},
{
"name": "96562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96562"
},
{
"name": "https://github.com/nuxsmin/sysPass/releases/tag/2.1.0.17022601",
"refsource": "CONFIRM",
"url": "https://github.com/nuxsmin/sysPass/releases/tag/2.1.0.17022601"
}
]
}
}