admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:41:22 +00:00
parent c3d6e7e648
commit 19635091c6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 3551 additions and 3551 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2001/1xxx/CVE-2001-1094.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1094", "ID": "CVE-2001-1094",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010911 NetOP School Admin Vulnerability for Windows 2000 Terminal Services and NT4", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/213516" "lang": "eng",
}, "value": "NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version."
{ }
"name" : "3321", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/3321" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "netop-school-bypass-authentication(7120)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7120" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "netop-school-bypass-authentication(7120)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7120"
},
{
"name": "3321",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3321"
},
{
"name": "20010911 NetOP School Admin Vulnerability for Windows 2000 Terminal Services and NT4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/213516"
}
]
}
}

190
2001/1xxx/CVE-2001-1279.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1279", "ID": "CVE-2001-1279",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "RHSA-2001:089", "description_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2001-089.html" "lang": "eng",
}, "value": "Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026."
{ }
"name" : "FreeBSD-SA-01:48", ]
"refsource" : "FREEBSD", },
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:48.tcpdump.asc" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "CLA-2002:480", "description": [
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000480" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDKSA-2002:032", ]
"refsource" : "MANDRAKE", }
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-032.php" ]
}, },
{ "references": {
"name" : "CSSA-2002-025.0", "reference_data": [
"refsource" : "CALDERA", {
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt" "name": "MDKSA-2002:032",
}, "refsource": "MANDRAKE",
{ "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-032.php"
"name" : "tcpdump-afs-rpc-bo(7006)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7006.php" "name": "VU#797201",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/797201"
"name" : "3065", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3065" "name": "CSSA-2002-025.0",
}, "refsource": "CALDERA",
{ "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt"
"name" : "VU#797201", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/797201" "name": "RHSA-2001:089",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2001-089.html"
} },
} {
"name": "tcpdump-afs-rpc-bo(7006)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7006.php"
},
{
"name": "3065",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3065"
},
{
"name": "CLA-2002:480",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000480"
},
{
"name": "FreeBSD-SA-01:48",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:48.tcpdump.asc"
}
]
}
}

140
2001/1xxx/CVE-2001-1335.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1335", "ID": "CVE-2001-1335",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010527 CesarFTP v0.98b triple dot Directory Traversal / Weak password encryption", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-05/0252.html" "lang": "eng",
}, "value": "Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot)."
{ }
"name" : "cesarftp-directory-traversal(6606)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/6606.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2786", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/2786" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "2786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2786"
},
{
"name": "cesarftp-directory-traversal(6606)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/6606.php"
},
{
"name": "20010527 CesarFTP v0.98b triple dot Directory Traversal / Weak password encryption",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0252.html"
}
]
}
}

130
2001/1xxx/CVE-2001-1475.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1475", "ID": "CVE-2001-1475",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#665372", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/665372" "lang": "eng",
}, "value": "SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated."
{ }
"name" : "ssh-rc4-replay-conversation(6490)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6490" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ssh-rc4-replay-conversation(6490)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6490"
},
{
"name": "VU#665372",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/665372"
}
]
}
}

34
2006/2xxx/CVE-2006-2207.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2207", "ID": "CVE-2006-2207",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2006/2xxx/CVE-2006-2215.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2006-2215", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2006-2215",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2181. Reason: This candidate is a duplicate of CVE-2006-2181. Notes: All CVE users should reference CVE-2006-2181 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2181. Reason: This candidate is a duplicate of CVE-2006-2181. Notes: All CVE users should reference CVE-2006-2181 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

160
2006/2xxx/CVE-2006-2326.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2326", "ID": "CVE-2006-2326",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in OnlyScript.info Online Universal Payment System Script allows remote attackers to read arbitrary files via directory traversal sequences in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "17889", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17889" "lang": "eng",
}, "value": "Directory traversal vulnerability in index.php in OnlyScript.info Online Universal Payment System Script allows remote attackers to read arbitrary files via directory traversal sequences in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "ADV-2006-1704", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/1704" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "25451", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/25451" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20005", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/20005" ]
}, },
{ "references": {
"name" : "oups-index-directory-traversal(26341)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26341" "name": "17889",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/17889"
} },
} {
"name": "ADV-2006-1704",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1704"
},
{
"name": "20005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20005"
},
{
"name": "25451",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25451"
},
{
"name": "oups-index-directory-traversal(26341)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26341"
}
]
}
}

170
2006/2xxx/CVE-2006-2522.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2522", "ID": "CVE-2006-2522",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://colander.altervista.org/advisory/DayfoxBlog.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://colander.altervista.org/advisory/DayfoxBlog.txt" "lang": "eng",
}, "value": "Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges."
{ }
"name" : "ADV-2006-1904", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/1904" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "25689", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/25689" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1016163", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1016163" ]
}, },
{ "references": {
"name" : "20216", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20216" "name": "25689",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/25689"
"name" : "dayfoxblog-slogusers-information-disclosure(26623)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26623" "name": "1016163",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1016163"
} },
} {
"name": "ADV-2006-1904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1904"
},
{
"name": "dayfoxblog-slogusers-information-disclosure(26623)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26623"
},
{
"name": "http://colander.altervista.org/advisory/DayfoxBlog.txt",
"refsource": "MISC",
"url": "http://colander.altervista.org/advisory/DayfoxBlog.txt"
},
{
"name": "20216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20216"
}
]
}
}

200
2006/2xxx/CVE-2006-2750.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2750", "ID": "CVE-2006-2750",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060530 Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/435380/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message."
{ }
"name" : "http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?r1=477&r2=631", ]
"refsource" : "MISC", },
"url" : "http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?r1=477&r2=631" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://sourceforge.net/forum/forum.php?forum_id=576483", ]
"refsource" : "CONFIRM", }
"url" : "http://sourceforge.net/forum/forum.php?forum_id=576483" ]
}, },
{ "references": {
"name" : "18169", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18169" "name": "http://sourceforge.net/forum/forum.php?forum_id=576483",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/forum/forum.php?forum_id=576483"
"name" : "1016178", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016178" "name": "20060530 Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/435380/100/0/threaded"
"name" : "20341", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20341" "name": "20341",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20341"
"name" : "1014", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1014" "name": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt",
}, "refsource": "MISC",
{ "url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt"
"name" : "osic-core-xss(26966)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26966" "name": "osic-core-xss(26966)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26966"
} },
} {
"name": "1016178",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016178"
},
{
"name": "1014",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1014"
},
{
"name": "18169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18169"
},
{
"name": "http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?r1=477&r2=631",
"refsource": "MISC",
"url": "http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?r1=477&r2=631"
}
]
}
}

180
2006/6xxx/CVE-2006-6135.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6135", "ID": "CVE-2006-6135",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a \"Potential security vulnerability\" (PK29725) and (2) \"Potential security exposure\" (PK30831)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007951", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007951" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a \"Potential security vulnerability\" (PK29725) and (2) \"Potential security exposure\" (PK30831)."
{ }
"name" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013830", ]
"refsource" : "CONFIRM", },
"url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013830" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "PK29725", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=PK29725&apar=only" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "PK30831", ]
"refsource" : "AIXAPAR", }
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=PK30831&apar=only" ]
}, },
{ "references": {
"name" : "21204", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/21204" "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951",
}, "refsource": "CONFIRM",
{ "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951"
"name" : "ADV-2006-4639", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4639" "name": "PK30831",
}, "refsource": "AIXAPAR",
{ "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK30831&apar=only"
"name" : "23028", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23028" "name": "23028",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/23028"
} },
} {
"name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013830",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013830"
},
{
"name": "PK29725",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK29725&apar=only"
},
{
"name": "21204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21204"
},
{
"name": "ADV-2006-4639",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4639"
}
]
}
}

34
2008/5xxx/CVE-2008-5476.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2008-5476", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2008-5476",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
} }
] ]
} }
} }

150
2008/5xxx/CVE-2008-5904.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5904", "ID": "CVE-2008-5904",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20090112 CVE request: xrdp", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2009/01/12/3" "lang": "eng",
}, "value": "The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow."
{ }
"name" : "http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SR:2009:003", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "xrdp-rdprdpprocesscolorpointerpdu-bo(48094)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48094" ]
} },
] "references": {
} "reference_data": [
} {
"name": "SUSE-SR:2009:003",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html"
},
{
"name": "[oss-security] 20090112 CVE request: xrdp",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/01/12/3"
},
{
"name": "xrdp-rdprdpprocesscolorpointerpdu-bo(48094)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48094"
},
{
"name": "http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf"
}
]
}
}

160
2011/2xxx/CVE-2011-2496.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-2496", "ID": "CVE-2011-2496",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that expands a memory mapping."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110627 Re: CVE request: kernel: mm: avoid wrapping vm_pgoff in mremap() and stack expansions", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/2" "lang": "eng",
}, "value": "Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that expands a memory mapping."
{ }
"name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", ]
"refsource" : "CONFIRM", },
"url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=982134ba62618c2d69fbbbd166d0a11ee3b7e3d8", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=982134ba62618c2d69fbbbd166d0a11ee3b7e3d8" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=716538", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=716538" ]
}, },
{ "references": {
"name" : "https://github.com/torvalds/linux/commit/982134ba62618c2d69fbbbd166d0a11ee3b7e3d8", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/982134ba62618c2d69fbbbd166d0a11ee3b7e3d8" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=716538",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=716538"
} },
} {
"name": "https://github.com/torvalds/linux/commit/982134ba62618c2d69fbbbd166d0a11ee3b7e3d8",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/982134ba62618c2d69fbbbd166d0a11ee3b7e3d8"
},
{
"name": "[oss-security] 20110627 Re: CVE request: kernel: mm: avoid wrapping vm_pgoff in mremap() and stack expansions",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/2"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=982134ba62618c2d69fbbbd166d0a11ee3b7e3d8",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=982134ba62618c2d69fbbbd166d0a11ee3b7e3d8"
},
{
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39",
"refsource": "CONFIRM",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"
}
]
}
}

190
2011/2xxx/CVE-2011-2577.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2011-2577", "ID": "CVE-2011-2577",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110919 Cisco TelePresence Multiple Vulnerabilities - SOS-11-010", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/519698/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500."
{ }
"name" : "17871", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/17871" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20110831 Denial of Service Vulnerability in Cisco TelePresence Codecs", "description": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b91395.shtml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "49392", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/49392" ]
}, },
{ "references": {
"name" : "1025994", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025994" "name": "1025994",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1025994"
"name" : "8387", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8387" "name": "8389",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/8389"
"name" : "8389", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8389" "name": "8387",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/8387"
"name" : "cisco-telepresence-codecs-sip-dos(69513)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69513" "name": "49392",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/49392"
} },
} {
"name": "cisco-telepresence-codecs-sip-dos(69513)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69513"
},
{
"name": "20110919 Cisco TelePresence Multiple Vulnerabilities - SOS-11-010",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519698/100/0/threaded"
},
{
"name": "17871",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17871"
},
{
"name": "20110831 Denial of Service Vulnerability in Cisco TelePresence Codecs",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b91395.shtml"
}
]
}
}

170
2011/2xxx/CVE-2011-2811.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2011-2811", "ID": "CVE-2011-2811",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4981", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4981" "lang": "eng",
}, "value": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1."
{ }
"name" : "http://support.apple.com/kb/HT5000", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT5000" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2011-10-11-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2011-10-12-4", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" ]
}, },
{ "references": {
"name" : "50066", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/50066" "name": "http://support.apple.com/kb/HT4981",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4981"
"name" : "oval:org.mitre.oval:def:17051", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17051" "name": "APPLE-SA-2011-10-11-1",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
} },
} {
"name": "oval:org.mitre.oval:def:17051",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17051"
},
{
"name": "APPLE-SA-2011-10-12-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html"
},
{
"name": "50066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50066"
},
{
"name": "http://support.apple.com/kb/HT5000",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5000"
}
]
}
}

290
2011/3xxx/CVE-2011-3553.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2011-3553", "ID": "CVE-2011-3553",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS."
{ }
"name" : "http://www.ibm.com/developerworks/java/jdk/alerts/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/developerworks/java/jdk/alerts/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201406-32", "description": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBUX02730", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=132750579901589&w=2" ]
}, },
{ "references": {
"name" : "SSRT100710", "reference_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=132750579901589&w=2" "name": "GLSA-201406-32",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
"name" : "HPSBMU02797", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" "name": "HPSBMU02799",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
"name" : "SSRT100867", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" "name": "50246",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/50246"
"name" : "HPSBMU02799", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" "name": "48308",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48308"
"name" : "RHSA-2011:1384", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1384.html" "name": "HPSBUX02730",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2"
"name" : "RHSA-2013:1455", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" "name": "SUSE-SU-2012:0114",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
"name" : "SUSE-SU-2012:0114", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" "name": "RHSA-2013:1455",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
"name" : "USN-1263-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1263-1" "name": "SSRT100710",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2"
"name" : "50246", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/50246" "name": "RHSA-2011:1384",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
"name" : "76512", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/76512" "name": "oval:org.mitre.oval:def:14311",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14311"
"name" : "oval:org.mitre.oval:def:14311", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14311" "name": "oracle-jre-jaxws-info-disc(70840)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70840"
"name" : "1026215", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026215" "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
"name" : "48308", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48308" "name": "SSRT100867",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
"name" : "oracle-jre-jaxws-info-disc(70840)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70840" "name": "1026215",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1026215"
} },
} {
"name": "USN-1263-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"name": "76512",
"refsource": "OSVDB",
"url": "http://osvdb.org/76512"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "http://www.ibm.com/developerworks/java/jdk/alerts/",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
}
]
}
}

160
2011/3xxx/CVE-2011-3620.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-3620", "ID": "CVE-2011-3620",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=747078", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=747078" "lang": "eng",
}, "value": "Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username."
{ }
"name" : "https://issues.apache.org/jira/browse/QPID-3652", ]
"refsource" : "CONFIRM", },
"url" : "https://issues.apache.org/jira/browse/QPID-3652" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://reviews.apache.org/r/2988/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://reviews.apache.org/r/2988/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1026990", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1026990" ]
}, },
{ "references": {
"name" : "49000", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49000" "name": "49000",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/49000"
} },
} {
"name": "https://issues.apache.org/jira/browse/QPID-3652",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/QPID-3652"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=747078",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=747078"
},
{
"name": "https://reviews.apache.org/r/2988/",
"refsource": "CONFIRM",
"url": "https://reviews.apache.org/r/2988/"
},
{
"name": "1026990",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026990"
}
]
}
}

250
2011/3xxx/CVE-2011-3651.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3651", "ID": "CVE-2011-3651",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-48.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-48.html" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=646968", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=646968" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=652054", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=652054" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=665070", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=665070" ]
}, },
{ "references": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=671160", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=671160" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=677847",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=677847"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=672892", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=672892" "name": "oval:org.mitre.oval:def:14364",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14364"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=675515", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=675515" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=686044",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=686044"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=676918", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=676918" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=665070",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=665070"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=677847", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=677847" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=671160",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=671160"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=679593", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=679593" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=679593",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=679593"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=686044", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=686044" "name": "49055",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/49055"
"name" : "SUSE-SU-2011:1256", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=675515",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=675515"
"name" : "oval:org.mitre.oval:def:14364", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14364" "name": "SUSE-SU-2011:1256",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html"
"name" : "49055", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49055" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=672892",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=672892"
} },
} {
"name": "http://www.mozilla.org/security/announce/2011/mfsa2011-48.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-48.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=646968",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=646968"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=676918",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=676918"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=652054",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=652054"
}
]
}
}

140
2011/3xxx/CVE-2011-3668.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3668", "ID": "CVE-2011-3668",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that create bug reports."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.bugzilla.org/security/3.4.12/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.bugzilla.org/security/3.4.12/" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that create bug reports."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=703975", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=703975" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "47368", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47368" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "47368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47368"
},
{
"name": "http://www.bugzilla.org/security/3.4.12/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/3.4.12/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=703975",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=703975"
}
]
}
}

140
2011/3xxx/CVE-2011-3967.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2011-3967", "ID": "CVE-2011-3967",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=109717", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=109717" "lang": "eng",
}, "value": "Unspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted certificate."
{ }
"name" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:14010", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14010" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=109717",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=109717"
},
{
"name": "oval:org.mitre.oval:def:14010",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14010"
}
]
}
}

120
2011/4xxx/CVE-2011-4244.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4244", "ID": "CVE-2011-4244",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the RealVideo renderer in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://service.real.com/realplayer/security/11182011_player/en/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://service.real.com/realplayer/security/11182011_player/en/" "lang": "eng",
} "value": "Heap-based buffer overflow in the RealVideo renderer in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.real.com/realplayer/security/11182011_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/11182011_player/en/"
}
]
}
}

140
2013/0xxx/CVE-2013-0010.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-0010", "ID": "CVE-2013-0010",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka \"System Center Operations Manager Web Console XSS Vulnerability,\" a different vulnerability than CVE-2013-0009."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-003", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-003" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka \"System Center Operations Manager Web Console XSS Vulnerability,\" a different vulnerability than CVE-2013-0009."
{ }
"name" : "TA13-008A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-008A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:16232", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16232" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "TA13-008A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-008A.html"
},
{
"name": "oval:org.mitre.oval:def:16232",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16232"
},
{
"name": "MS13-003",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-003"
}
]
}
}

34
2013/0xxx/CVE-2013-0040.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-0040", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-0040",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }
} }

150
2013/0xxx/CVE-2013-0135.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2013-0135", "ID": "CVE-2013-0135",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php."
{ }
"name" : "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#183692", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/183692" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "phpaddressbook-checklogin-auth-bypass(99623)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623" ]
} },
] "references": {
} "reference_data": [
} {
"name": "VU#183692",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/183692"
},
{
"name": "phpaddressbook-checklogin-auth-bypass(99623)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623"
},
{
"name": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html",
"refsource": "MISC",
"url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
},
{
"name": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
}
]
}
}

34
2013/0xxx/CVE-2013-0165.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-0165", "ID": "CVE-2013-0165",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2013/0xxx/CVE-2013-0321.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-0321", "ID": "CVE-2013-0321",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/02/21/5" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field."
{ }
"name" : "http://drupal.org/node/1922416", ]
"refsource" : "MISC", },
"url" : "http://drupal.org/node/1922416" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://drupal.org/node/1922128", "description": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/1922128" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://drupalcode.org/project/uc_views.git/commitdiff/157d5d3", ]
"refsource" : "CONFIRM", }
"url" : "http://drupalcode.org/project/uc_views.git/commitdiff/157d5d3" ]
} },
] "references": {
} "reference_data": [
} {
"name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
},
{
"name": "http://drupalcode.org/project/uc_views.git/commitdiff/157d5d3",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/uc_views.git/commitdiff/157d5d3"
},
{
"name": "http://drupal.org/node/1922128",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1922128"
},
{
"name": "http://drupal.org/node/1922416",
"refsource": "MISC",
"url": "http://drupal.org/node/1922416"
}
]
}
}

140
2013/1xxx/CVE-2013-1286.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-1286", "ID": "CVE-2013-1286",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka \"Windows USB Descriptor Vulnerability,\" a different vulnerability than CVE-2013-1285 and CVE-2013-1287."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-027", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-027" "lang": "eng",
}, "value": "The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka \"Windows USB Descriptor Vulnerability,\" a different vulnerability than CVE-2013-1285 and CVE-2013-1287."
{ }
"name" : "TA13-071A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-071A" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:16591", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16591" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS13-027",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-027"
},
{
"name": "oval:org.mitre.oval:def:16591",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16591"
},
{
"name": "TA13-071A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-071A"
}
]
}
}

34
2013/1xxx/CVE-2013-1596.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-1596", "ID": "CVE-2013-1596",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2013/1xxx/CVE-2013-1756.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-1756", "ID": "CVE-2013-1756",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277" "lang": "eng",
}, "value": "The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request."
{ }
"name" : "https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo", ]
"refsource" : "CONFIRM", },
"url" : "https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "58225", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/58225" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "52380", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/52380" ]
}, },
{ "references": {
"name" : "dragonfly-ruby-code-exec(82476)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82476" "name": "dragonfly-ruby-code-exec(82476)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82476"
} },
} {
"name": "58225",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58225"
},
{
"name": "https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277",
"refsource": "CONFIRM",
"url": "https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277"
},
{
"name": "https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo"
},
{
"name": "52380",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52380"
}
]
}
}

270
2013/5xxx/CVE-2013-5607.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2013-5607", "ID": "CVE-2013-5607",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[dev-tech-nspr] 20131113 [ANNOUNCE] NSPR 4.10.2 Release", "description_data": [
"refsource" : "MLIST", {
"url" : "https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/_8AcygMEjSA/mm_cqQzLPFQJ" "lang": "eng",
}, "value": "Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741."
{ }
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=927687", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=927687" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" ]
}, },
{ "references": {
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761" "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
"name" : "DSA-2820", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2820" "name": "DSA-2820",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2013/dsa-2820"
"name" : "GLSA-201406-19", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201406-19.xml" "name": "GLSA-201504-01",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201504-01"
"name" : "GLSA-201504-01", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201504-01" "name": "USN-2087-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2087-1"
"name" : "RHSA-2013:1791", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1791.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=927687",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=927687"
"name" : "RHSA-2013:1829", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1829.html" "name": "GLSA-201406-19",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
"name" : "SUSE-SU-2013:1807", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html" "name": "USN-2031-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2031-1"
"name" : "openSUSE-SU-2013:1732", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html" "name": "USN-2032-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2032-1"
"name" : "USN-2031-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2031-1" "name": "RHSA-2013:1791",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
"name" : "USN-2032-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2032-1" "name": "[dev-tech-nspr] 20131113 [ANNOUNCE] NSPR 4.10.2 Release",
}, "refsource": "MLIST",
{ "url": "https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/_8AcygMEjSA/mm_cqQzLPFQJ"
"name" : "USN-2087-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2087-1" "name": "SUSE-SU-2013:1807",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html"
"name" : "63802", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/63802" "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761",
} "refsource": "CONFIRM",
] "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761"
} },
} {
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
},
{
"name": "openSUSE-SU-2013:1732",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html"
},
{
"name": "63802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63802"
},
{
"name": "RHSA-2013:1829",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
}
]
}
}

300
2013/5xxx/CVE-2013-5889.json
View File

@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-5889", "ID": "CVE-2013-5889",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424."
{ }
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", ]
"refsource" : "CONFIRM", },
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "HPSBUX02972", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBUX02973", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" ]
}, },
{ "references": {
"name" : "SSRT101454", "reference_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" "name": "RHSA-2014:0414",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2014:0414"
"name" : "SSRT101455", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" "name": "SSRT101455",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2"
"name" : "RHSA-2014:0030", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0030.html" "name": "RHSA-2014:0135",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0135.html"
"name" : "RHSA-2014:0134", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0134.html" "name": "56535",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56535"
"name" : "RHSA-2014:0135", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0135.html" "name": "RHSA-2014:0030",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html"
"name" : "RHSA-2014:0414", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2014:0414" "name": "56485",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56485"
"name" : "SUSE-SU-2014:0246", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" "name": "SSRT101454",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
"name" : "SUSE-SU-2014:0266", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777"
"name" : "SUSE-SU-2014:0451", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" "name": "HPSBUX02972",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
"name" : "64758", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64758" "name": "SUSE-SU-2014:0451",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html"
"name" : "64931", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64931" "name": "HPSBUX02973",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2"
"name" : "102020", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/102020" "name": "1029608",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1029608"
"name" : "1029608", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029608" "name": "102020",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/102020"
"name" : "56485", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56485" "name": "SUSE-SU-2014:0266",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html"
"name" : "56535", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56535" "name": "64758",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/64758"
} },
} {
"name": "SUSE-SU-2014:0246",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html"
},
{
"name": "64931",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64931"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "RHSA-2014:0134",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0134.html"
}
]
}
}

140
2014/2xxx/CVE-2014-2452.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2014-2452", "ID": "CVE-2014-2452",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 allows remote authenticated users to affect availability via unknown vectors related to Webserver Plugin."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/127047/Oracle-Access-Manager-Information-Disclosure.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/127047/Oracle-Access-Manager-Information-Disclosure.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 allows remote authenticated users to affect availability via unknown vectors related to Webserver Plugin."
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "66865", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/66865" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "66865",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66865"
},
{
"name": "http://packetstormsecurity.com/files/127047/Oracle-Access-Manager-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127047/Oracle-Access-Manager-Information-Disclosure.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
}
]
}
}

170
2014/2xxx/CVE-2014-2577.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2577", "ID": "CVE-2014-2577",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Transform Content Center in Bottomline Technologies Transform Foundation Server before 4.3.1 Patch 8 and 5.x before 5.2 Patch 7 allow remote attackers to inject arbitrary web script or HTML via the (1) pn parameter to index.fsp/document.pdf, (2) db or (3) referer parameter to index.fsp/index.fsp, or (4) PATH_INFO to the default URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140603 [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/532286/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Transform Content Center in Bottomline Technologies Transform Foundation Server before 4.3.1 Patch 8 and 5.x before 5.2 Patch 7 allow remote attackers to inject arbitrary web script or HTML via the (1) pn parameter to index.fsp/document.pdf, (2) db or (3) referer parameter to index.fsp/index.fsp, or (4) PATH_INFO to the default URI."
{ }
"name" : "20140604 [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/Jun/15" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/126907/Transform-Foundation-Server-4.3.1-5.2-Cross-Site-Scripting.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/126907/Transform-Foundation-Server-4.3.1-5.2-Cross-Site-Scripting.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.pdf-archive.com/2014/06/03/tf431patch8releasenotes/preview/page/9", ]
"refsource" : "CONFIRM", }
"url" : "http://www.pdf-archive.com/2014/06/03/tf431patch8releasenotes/preview/page/9" ]
}, },
{ "references": {
"name" : "http://www.pdf-archive.com/2014/06/03/tf52patch7releasenotes/preview/page/14", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.pdf-archive.com/2014/06/03/tf52patch7releasenotes/preview/page/14" "name": "20140604 [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2014/Jun/15"
"name" : "67810", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/67810" "name": "http://www.pdf-archive.com/2014/06/03/tf431patch8releasenotes/preview/page/9",
} "refsource": "CONFIRM",
] "url": "http://www.pdf-archive.com/2014/06/03/tf431patch8releasenotes/preview/page/9"
} },
} {
"name": "20140603 [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532286/100/0/threaded"
},
{
"name": "http://www.pdf-archive.com/2014/06/03/tf52patch7releasenotes/preview/page/14",
"refsource": "CONFIRM",
"url": "http://www.pdf-archive.com/2014/06/03/tf52patch7releasenotes/preview/page/14"
},
{
"name": "67810",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67810"
},
{
"name": "http://packetstormsecurity.com/files/126907/Transform-Foundation-Server-4.3.1-5.2-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126907/Transform-Foundation-Server-4.3.1-5.2-Cross-Site-Scripting.html"
}
]
}
}

140
2017/0xxx/CVE-2017-0245.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-0245", "ID": "CVE-2017-0245",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Windows", "product_name": "Microsoft Windows",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold" "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka \"Win32k Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42008", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42008/" "lang": "eng",
}, "value": "The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka \"Win32k Information Disclosure Vulnerability.\""
{ }
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0245", ]
"refsource" : "CONFIRM", },
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0245" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "98115", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98115" "lang": "eng",
} "value": "Information Disclosure"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "42008",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42008/"
},
{
"name": "98115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98115"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0245",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0245"
}
]
}
}

170
2017/0xxx/CVE-2017-0421.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2017-0421", "ID": "CVE-2017-0421",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-5.0.2" "version_value": "Android-5.0.2"
}, },
{ {
"version_value" : "Android-5.1.1" "version_value": "Android-5.1.1"
}, },
{ {
"version_value" : "Android-6.0" "version_value": "Android-6.0"
}, },
{ {
"version_value" : "Android-6.0.1" "version_value": "Android-6.0.1"
}, },
{ {
"version_value" : "Android-7.0" "version_value": "Android-7.0"
}, },
{ {
"version_value" : "Android-7.1.1" "version_value": "Android-7.1.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-02-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-02-01.html" "lang": "eng",
}, "value": "An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637."
{ }
"name" : "96096", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96096" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037798", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037798" "lang": "eng",
} "value": "Information disclosure"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "96096",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96096"
},
{
"name": "1037798",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037798"
},
{
"name": "https://source.android.com/security/bulletin/2017-02-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-02-01.html"
}
]
}
}

156
2017/0xxx/CVE-2017-0715.json
View File

@ -1,80 +1,80 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2017-08-07T00:00:00", "DATE_PUBLIC": "2017-08-07T00:00:00",
"ID" : "CVE-2017-0715", "ID": "CVE-2017-0715",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "7.0" "version_value": "7.0"
}, },
{ {
"version_value" : "7.1.1" "version_value": "7.1.1"
}, },
{ {
"version_value" : "7.1.2" "version_value": "7.1.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36998372."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-08-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-08-01" "lang": "eng",
}, "value": "A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36998372."
{ }
"name" : "100204", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100204" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100204"
},
{
"name": "https://source.android.com/security/bulletin/2017-08-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-08-01"
}
]
}
}

240
2017/1000xxx/CVE-2017-1000252.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1000252", "ID": "CVE-2017-1000252",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Linux kernel", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.13.3 and earlier" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Linux" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=36ae3c0a36b7456432fedce38ae2f7bd3e01a563", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=36ae3c0a36b7456432fedce38ae2f7bd3e01a563" "lang": "eng",
}, "value": "The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c."
{ }
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.openwall.com/lists/oss-security/2017/09/15/4", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.openwall.com/lists/oss-security/2017/09/15/4" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1490781", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1490781" ]
}, },
{ "references": {
"name" : "https://github.com/torvalds/linux/commit/36ae3c0a36b7456432fedce38ae2f7bd3e01a563", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/36ae3c0a36b7456432fedce38ae2f7bd3e01a563" "name": "101022",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/101022"
"name" : "https://github.com/torvalds/linux/commit/3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb" "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=36ae3c0a36b7456432fedce38ae2f7bd3e01a563",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=36ae3c0a36b7456432fedce38ae2f7bd3e01a563"
"name" : "https://marc.info/?l=kvm&m=150549145711115&w=2", },
"refsource" : "CONFIRM", {
"url" : "https://marc.info/?l=kvm&m=150549145711115&w=2" "name": "https://github.com/torvalds/linux/commit/3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/torvalds/linux/commit/3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb"
"name" : "https://marc.info/?l=kvm&m=150549146311117&w=2", },
"refsource" : "CONFIRM", {
"url" : "https://marc.info/?l=kvm&m=150549146311117&w=2" "name": "RHSA-2018:1062",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:1062"
"name" : "DSA-3981", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3981" "name": "DSA-3981",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2017/dsa-3981"
"name" : "RHSA-2018:0676", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0676" "name": "https://marc.info/?l=kvm&m=150549146311117&w=2",
}, "refsource": "CONFIRM",
{ "url": "https://marc.info/?l=kvm&m=150549146311117&w=2"
"name" : "RHSA-2018:1062", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1062" "name": "RHSA-2018:0676",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:0676"
"name" : "RHSA-2018:1130", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1130" "name": "https://github.com/torvalds/linux/commit/36ae3c0a36b7456432fedce38ae2f7bd3e01a563",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/torvalds/linux/commit/36ae3c0a36b7456432fedce38ae2f7bd3e01a563"
"name" : "101022", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101022" "name": "https://marc.info/?l=kvm&m=150549145711115&w=2",
} "refsource": "CONFIRM",
] "url": "https://marc.info/?l=kvm&m=150549145711115&w=2"
} },
} {
"name": "RHSA-2018:1130",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1130"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/09/15/4",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2017/09/15/4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1490781",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490781"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb"
}
]
}
}

34
2017/12xxx/CVE-2017-12024.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12024", "ID": "CVE-2017-12024",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/12xxx/CVE-2017-12406.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12406", "ID": "CVE-2017-12406",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/12xxx/CVE-2017-12413.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12413", "ID": "CVE-2017-12413",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://packetstormsecurity.com/files/143657/Axis-2100-Network-Camera-2.43-Cross-Site-Scripting.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://packetstormsecurity.com/files/143657/Axis-2100-Network-Camera-2.43-Cross-Site-Scripting.html" "lang": "eng",
} "value": "AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/143657/Axis-2100-Network-Camera-2.43-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/143657/Axis-2100-Network-Camera-2.43-Cross-Site-Scripting.html"
}
]
}
}

120
2017/12xxx/CVE-2017-12584.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12584", "ID": "CVE-2017-12584",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/slims/slims8_akasia/issues/49", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/slims/slims8_akasia/issues/49" "lang": "eng",
} "value": "There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/slims/slims8_akasia/issues/49",
"refsource": "CONFIRM",
"url": "https://github.com/slims/slims8_akasia/issues/49"
}
]
}
}

120
2017/12xxx/CVE-2017-12957.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12957", "ID": "CVE-2017-12957",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1482423", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1482423" "lang": "eng",
} "value": "There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1482423",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482423"
}
]
}
}

34
2017/12xxx/CVE-2017-12968.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12968", "ID": "CVE-2017-12968",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

142
2017/16xxx/CVE-2017-16226.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2017-16226", "ID": "CVE-2017-16226",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "static-eval node module node module", "product_name": "static-eval node module node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<=1.1.1" "version_value": "<=1.1.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Input Validation (CWE-20)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/substack/static-eval/pull/18", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/substack/static-eval/pull/18" "lang": "eng",
}, "value": "The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution."
{ }
"name" : "https://maustin.net/articles/2017-10/static_eval", ]
"refsource" : "MISC", },
"url" : "https://maustin.net/articles/2017-10/static_eval" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://nodesecurity.io/advisories/548", "description": [
"refsource" : "MISC", {
"url" : "https://nodesecurity.io/advisories/548" "lang": "eng",
} "value": "Improper Input Validation (CWE-20)"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/548",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/548"
},
{
"name": "https://maustin.net/articles/2017-10/static_eval",
"refsource": "MISC",
"url": "https://maustin.net/articles/2017-10/static_eval"
},
{
"name": "https://github.com/substack/static-eval/pull/18",
"refsource": "MISC",
"url": "https://github.com/substack/static-eval/pull/18"
}
]
}
}

34
2017/16xxx/CVE-2017-16264.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16264", "ID": "CVE-2017-16264",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/16xxx/CVE-2017-16599.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2017-16599", "ID": "CVE-2017-16599",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "NetGain Systems Enterprise Manager", "product_name": "NetGain Systems Enterprise Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.2.730 build 1034" "version_value": "7.2.730 build 1034"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "NetGain Systems" "vendor_name": "NetGain Systems"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.misc.sample_jsp servlet, which listens on TCP port 8081 by default. When parsing the type parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5190."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-17-964", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-17-964" "lang": "eng",
} "value": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.misc.sample_jsp servlet, which listens on TCP port 8081 by default. When parsing the type parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5190."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-17-964",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-964"
}
]
}
}

142
2017/16xxx/CVE-2017-16678.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cna@sap.com", "ASSIGNER": "cna@sap.com",
"DATE_PUBLIC" : "2017-12-12T00:00:00", "DATE_PUBLIC": "2017-12-12T00:00:00",
"ID" : "CVE-2017-16678", "ID": "CVE-2017-16678",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "SAP NetWeaver Knowledge Management Configuration Service", "product_name": "SAP NetWeaver Knowledge Management Configuration Service",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50" "version_value": "EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "SAP" "vendor_name": "SAP"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Server Side Request Forgery (SSRF)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" "lang": "eng",
}, "value": "Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application."
{ }
"name" : "https://launchpad.support.sap.com/#/notes/2457562", ]
"refsource" : "CONFIRM", },
"url" : "https://launchpad.support.sap.com/#/notes/2457562" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "102149", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102149" "lang": "eng",
} "value": "Server Side Request Forgery (SSRF)"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2457562",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2457562"
},
{
"name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"name": "102149",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102149"
}
]
}
}

34
2017/16xxx/CVE-2017-16688.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16688", "ID": "CVE-2017-16688",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4045.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4045", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4045",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4443.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4443", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4443",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

140
2017/4xxx/CVE-2017-4977.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2017-4977", "ID": "CVE-2017-4977",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52", "product_name": "RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52" "version_value": "RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Sensitive Information Disclosure Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securityfocus.com/archive/1/540339/30/0/threaded", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.securityfocus.com/archive/1/540339/30/0/threaded" "lang": "eng",
}, "value": "EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system."
{ }
"name" : "97225", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97225" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038162", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038162" "lang": "eng",
} "value": "Sensitive Information Disclosure Vulnerability"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "97225",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97225"
},
{
"name": "http://www.securityfocus.com/archive/1/540339/30/0/threaded",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/archive/1/540339/30/0/threaded"
},
{
"name": "1038162",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038162"
}
]
}
}

120
2017/4xxx/CVE-2017-4991.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2017-4991", "ID": "CVE-2017-4991",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cloud Foundry UAA", "product_name": "Cloud Foundry UAA",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cloud Foundry UAA" "version_value": "Cloud Foundry UAA"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.14, 24.x versions prior to v24.9, 30.x versions prior to 30.2, and other versions prior to v36. Privileged users in one zone are allowed to perform a password reset for users in a different zone."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "UAA password reset vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.cloudfoundry.org/cve-2017-4991/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.cloudfoundry.org/cve-2017-4991/" "lang": "eng",
} "value": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.14, 24.x versions prior to v24.9, 30.x versions prior to 30.2, and other versions prior to v36. Privileged users in one zone are allowed to perform a password reset for users in a different zone."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UAA password reset vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/cve-2017-4991/",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/cve-2017-4991/"
}
]
}
}

162
2018/5xxx/CVE-2018-5135.json
View File

@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2018-5135", "ID": "CVE-2018-5135",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "59" "version_value": "59"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebExtensions can bypass normal restrictions in some circumstances and use \"browser.tabs.executeScript\" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged \"about:\" pages. This vulnerability affects Firefox < 59."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "WebExtension browserAction can inject scripts into unintended contexts"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1431371", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1431371" "lang": "eng",
}, "value": "WebExtensions can bypass normal restrictions in some circumstances and use \"browser.tabs.executeScript\" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged \"about:\" pages. This vulnerability affects Firefox < 59."
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-06/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-06/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-3596-1", "description": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3596-1/" "lang": "eng",
}, "value": "WebExtension browserAction can inject scripts into unintended contexts"
{ }
"name" : "103386", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/103386" ]
}, },
{ "references": {
"name" : "1040514", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040514" "name": "103386",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/103386"
} },
} {
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1431371",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1431371"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
]
}
}

34
2018/5xxx/CVE-2018-5417.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-5417", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-5417",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
} }
] ]
} }
} }

34
2018/5xxx/CVE-2018-5444.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5444", "ID": "CVE-2018-5444",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }