admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:07:21 +00:00
parent 39c2e0eb0e
commit 1c42df9c34
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3572 additions and 3572 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

148
2006/0xxx/CVE-2006-0171.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0171",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: it is not clear, but OrjinWeb might be an application service, in which case it should not be included in CVE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060106 Orjinweb E-commerce",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/421312/100/0/threaded"
},
{
"name" : "16199",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16199"
},
{
"name" : "22387",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22387"
},
{
"name" : "orjinweb-url-file-include(24097)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24097"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: it is not clear, but OrjinWeb might be an application service, in which case it should not be included in CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060106 Orjinweb E-commerce",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421312/100/0/threaded"
},
{
"name": "22387",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22387"
},
{
"name": "orjinweb-url-file-include(24097)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24097"
},
{
"name": "16199",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16199"
}
]
}
}

558
2006/0xxx/CVE-2006-0301.json
View File

@ -1,282 +1,282 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0301",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-0301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=141242",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=141242"
},
{
"name" : "20060202 [KDE Security Advisory] kpdf/xpdf heap based buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423899/100/0/threaded"
},
{
"name" : "http://www.kde.org/info/security/advisory-20060202-1.txt",
"refsource" : "MISC",
"url" : "http://www.kde.org/info/security/advisory-20060202-1.txt"
},
{
"name" : "DSA-971",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-971"
},
{
"name" : "DSA-974",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-974"
},
{
"name" : "DSA-972",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-972"
},
{
"name" : "FLSA:175404",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/427990/100/0/threaded"
},
{
"name" : "FEDORA-2006-103",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.html"
},
{
"name" : "GLSA-200602-04",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml"
},
{
"name" : "GLSA-200602-05",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml"
},
{
"name" : "GLSA-200602-12",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200602-12.xml"
},
{
"name" : "MDKSA-2006:030",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:030"
},
{
"name" : "MDKSA-2006:031",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:031"
},
{
"name" : "MDKSA-2006:032",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:032"
},
{
"name" : "RHSA-2006:0201",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0201.html"
},
{
"name" : "RHSA-2006:0206",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0206.html"
},
{
"name" : "SCOSA-2006.15",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt"
},
{
"name" : "SSA:2006-045-04",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747"
},
{
"name" : "SSA:2006-045-09",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683"
},
{
"name" : "USN-249-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-249-1"
},
{
"name" : "oval:org.mitre.oval:def:10850",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10850"
},
{
"name" : "ADV-2006-0389",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0389"
},
{
"name" : "ADV-2006-0422",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0422"
},
{
"name" : "1015576",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015576"
},
{
"name" : "18677",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18677"
},
{
"name" : "18707",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18707"
},
{
"name" : "18834",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18834"
},
{
"name" : "18875",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18875"
},
{
"name" : "18274",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18274"
},
{
"name" : "18825",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18825"
},
{
"name" : "18826",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18826"
},
{
"name" : "18837",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18837"
},
{
"name" : "18838",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18838"
},
{
"name" : "18860",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18860"
},
{
"name" : "18862",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18862"
},
{
"name" : "18864",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18864"
},
{
"name" : "18882",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18882"
},
{
"name" : "18908",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18908"
},
{
"name" : "18913",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18913"
},
{
"name" : "18983",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18983"
},
{
"name" : "19377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19377"
},
{
"name" : "18839",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18839"
},
{
"name" : "470",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/470"
},
{
"name" : "xpdf-splash-bo(24391)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24391"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18707"
},
{
"name": "ADV-2006-0422",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0422"
},
{
"name": "1015576",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015576"
},
{
"name": "SCOSA-2006.15",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt"
},
{
"name": "18837",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18837"
},
{
"name": "xpdf-splash-bo(24391)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24391"
},
{
"name": "18834",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18834"
},
{
"name": "MDKSA-2006:031",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:031"
},
{
"name": "18983",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18983"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046"
},
{
"name": "MDKSA-2006:030",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:030"
},
{
"name": "20060202 [KDE Security Advisory] kpdf/xpdf heap based buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423899/100/0/threaded"
},
{
"name": "18864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18864"
},
{
"name": "ADV-2006-0389",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0389"
},
{
"name": "18677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18677"
},
{
"name": "GLSA-200602-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-12.xml"
},
{
"name": "FEDORA-2006-103",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.html"
},
{
"name": "RHSA-2006:0201",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0201.html"
},
{
"name": "MDKSA-2006:032",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:032"
},
{
"name": "GLSA-200602-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml"
},
{
"name": "18882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18882"
},
{
"name": "18274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18274"
},
{
"name": "oval:org.mitre.oval:def:10850",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10850"
},
{
"name": "DSA-974",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-974"
},
{
"name": "DSA-971",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-971"
},
{
"name": "18825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18825"
},
{
"name": "RHSA-2006:0206",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0206.html"
},
{
"name": "http://www.kde.org/info/security/advisory-20060202-1.txt",
"refsource": "MISC",
"url": "http://www.kde.org/info/security/advisory-20060202-1.txt"
},
{
"name": "470",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/470"
},
{
"name": "SSA:2006-045-09",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683"
},
{
"name": "18875",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18875"
},
{
"name": "GLSA-200602-04",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml"
},
{
"name": "18860",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18860"
},
{
"name": "18908",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18908"
},
{
"name": "18839",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18839"
},
{
"name": "USN-249-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-249-1"
},
{
"name": "18862",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18862"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=141242",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=141242"
},
{
"name": "SSA:2006-045-04",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747"
},
{
"name": "19377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19377"
},
{
"name": "FLSA:175404",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/427990/100/0/threaded"
},
{
"name": "DSA-972",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-972"
},
{
"name": "18913",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18913"
},
{
"name": "18838",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18838"
},
{
"name": "18826",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18826"
}
]
}
}

188
2006/3xxx/CVE-2006-3078.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3078",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID parameter in board.php and (2) viewcatmod parameter in main.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060614 APBoard 2.2-r3 <= SQL Injections",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437271/100/0/threaded"
},
{
"name" : "18447",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18447"
},
{
"name" : "ADV-2006-2401",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2401"
},
{
"name" : "26582",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26582"
},
{
"name" : "26583",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26583"
},
{
"name" : "20682",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20682"
},
{
"name" : "1117",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1117"
},
{
"name" : "apboard-multiple-sql-injection(27163)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27163"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID parameter in board.php and (2) viewcatmod parameter in main.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20682"
},
{
"name": "26583",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26583"
},
{
"name": "26582",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26582"
},
{
"name": "ADV-2006-2401",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2401"
},
{
"name": "18447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18447"
},
{
"name": "apboard-multiple-sql-injection(27163)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27163"
},
{
"name": "1117",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1117"
},
{
"name": "20060614 APBoard 2.2-r3 <= SQL Injections",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437271/100/0/threaded"
}
]
}
}

168
2006/3xxx/CVE-2006-3318.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3318",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2006-3318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060629 Secunia Research: phpRaid SQL Injection and File InclusionVulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438706/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2006-47/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2006-47/advisory/"
},
{
"name" : "ADV-2006-2593",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2593"
},
{
"name" : "20865",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20865"
},
{
"name" : "1173",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1173"
},
{
"name" : "phpraid-register-sql-injection(27459)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27459"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/secunia_research/2006-47/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-47/advisory/"
},
{
"name": "phpraid-register-sql-injection(27459)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27459"
},
{
"name": "ADV-2006-2593",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2593"
},
{
"name": "20060629 Secunia Research: phpRaid SQL Injection and File InclusionVulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438706/100/0/threaded"
},
{
"name": "1173",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1173"
},
{
"name": "20865",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20865"
}
]
}
}

138
2006/3xxx/CVE-2006-3383.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3383",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover within a URL. NOTE: the provenance of this information is unknown; the details are obtained solely from third party reports."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2006-2641",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2641"
},
{
"name" : "20932",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20932"
},
{
"name" : "mads-index-search-xss(27510)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27510"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover within a URL. NOTE: the provenance of this information is unknown; the details are obtained solely from third party reports."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2641",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2641"
},
{
"name": "mads-index-search-xss(27510)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27510"
},
{
"name": "20932",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20932"
}
]
}
}

218
2006/4xxx/CVE-2006-4381.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4381",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060912 Apple QuickTime H.264 Integer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445830/100/0/threaded"
},
{
"name" : "http://secway.org/advisory/AD20060912.txt",
"refsource" : "MISC",
"url" : "http://secway.org/advisory/AD20060912.txt"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=304357",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=304357"
},
{
"name" : "APPLE-SA-2006-09-12",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html"
},
{
"name" : "19976",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19976"
},
{
"name" : "ADV-2006-3577",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3577"
},
{
"name" : "28774",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28774"
},
{
"name" : "1016830",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016830"
},
{
"name" : "21893",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21893"
},
{
"name" : "1551",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1551"
},
{
"name" : "quicktime-h264-integer-overflow(28928)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28928"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016830",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016830"
},
{
"name": "21893",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21893"
},
{
"name": "http://secway.org/advisory/AD20060912.txt",
"refsource": "MISC",
"url": "http://secway.org/advisory/AD20060912.txt"
},
{
"name": "19976",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19976"
},
{
"name": "1551",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1551"
},
{
"name": "28774",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28774"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=304357",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=304357"
},
{
"name": "APPLE-SA-2006-09-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html"
},
{
"name": "ADV-2006-3577",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3577"
},
{
"name": "quicktime-h264-integer-overflow(28928)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28928"
},
{
"name": "20060912 Apple QuickTime H.264 Integer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445830/100/0/threaded"
}
]
}
}

158
2006/4xxx/CVE-2006-4459.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4459",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause a denial of service (crash) via a 1 byte header size specified in the USB string descriptor."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060904 AnywhereUSB/5 1.80.00 Drivers Integer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445088/100/0/threaded"
},
{
"name" : "http://www.safend.com/advisories/digi_anywhereusb5_intoverflow.txt",
"refsource" : "MISC",
"url" : "http://www.safend.com/advisories/digi_anywhereusb5_intoverflow.txt"
},
{
"name" : "19833",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19833"
},
{
"name" : "21739",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21739"
},
{
"name" : "1500",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1500"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause a denial of service (crash) via a 1 byte header size specified in the USB string descriptor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1500",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1500"
},
{
"name": "19833",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19833"
},
{
"name": "http://www.safend.com/advisories/digi_anywhereusb5_intoverflow.txt",
"refsource": "MISC",
"url": "http://www.safend.com/advisories/digi_anywhereusb5_intoverflow.txt"
},
{
"name": "20060904 AnywhereUSB/5 1.80.00 Drivers Integer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445088/100/0/threaded"
},
{
"name": "21739",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21739"
}
]
}
}

188
2006/4xxx/CVE-2006-4702.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4702",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-4702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-274.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-274.htm"
},
{
"name" : "HPSBST02180",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name" : "SSRT061288",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name" : "MS06-078",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-078"
},
{
"name" : "TA06-346A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
},
{
"name" : "21505",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21505"
},
{
"name" : "oval:org.mitre.oval:def:536",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A536"
},
{
"name" : "1017372",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017372"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-274.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-274.htm"
},
{
"name": "MS06-078",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-078"
},
{
"name": "21505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21505"
},
{
"name": "TA06-346A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
},
{
"name": "oval:org.mitre.oval:def:536",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A536"
},
{
"name": "SSRT061288",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name": "HPSBST02180",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name": "1017372",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017372"
}
]
}
}

168
2006/4xxx/CVE-2006-4864.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4864",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in All Enthusiast ReviewPost 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the RP_PATH parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4864",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060915 SolpotCrew Advisory #11 - ReviewPost 2.5 (RP_PATH) Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446106/100/0/threaded"
},
{
"name" : "http://www.nyubicrew.org/adv/home_edition2001-adv-01.txt",
"refsource" : "MISC",
"url" : "http://www.nyubicrew.org/adv/home_edition2001-adv-01.txt"
},
{
"name" : "ADV-2006-3658",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3658"
},
{
"name" : "21971",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21971"
},
{
"name" : "1603",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1603"
},
{
"name" : "reviewpostphppro-rppath-file-include(28992)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28992"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in All Enthusiast ReviewPost 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the RP_PATH parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3658",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3658"
},
{
"name": "http://www.nyubicrew.org/adv/home_edition2001-adv-01.txt",
"refsource": "MISC",
"url": "http://www.nyubicrew.org/adv/home_edition2001-adv-01.txt"
},
{
"name": "21971",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21971"
},
{
"name": "1603",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1603"
},
{
"name": "reviewpostphppro-rppath-file-include(28992)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28992"
},
{
"name": "20060915 SolpotCrew Advisory #11 - ReviewPost 2.5 (RP_PATH) Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446106/100/0/threaded"
}
]
}
}

32
2006/4xxx/CVE-2006-4932.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4932",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4932",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2006/6xxx/CVE-2006-6327.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6327",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6327",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

138
2006/6xxx/CVE-2006-6970.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6970",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the \".\" and \"/\" characters, which is not caught by the blacklist filter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070206 Firefox 2.0.0.1 and Opera 9.10 Anty Fraud/Phishing Protection bypass.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/459265/100/0/threaded"
},
{
"name" : "http://kaneda.bohater.net/security/20061220-opera_9.10_final_bypass_fraud_protection.php",
"refsource" : "MISC",
"url" : "http://kaneda.bohater.net/security/20061220-opera_9.10_final_bypass_fraud_protection.php"
},
{
"name" : "34927",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34927"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the \".\" and \"/\" characters, which is not caught by the blacklist filter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070206 Firefox 2.0.0.1 and Opera 9.10 Anty Fraud/Phishing Protection bypass.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459265/100/0/threaded"
},
{
"name": "34927",
"refsource": "OSVDB",
"url": "http://osvdb.org/34927"
},
{
"name": "http://kaneda.bohater.net/security/20061220-opera_9.10_final_bypass_fraud_protection.php",
"refsource": "MISC",
"url": "http://kaneda.bohater.net/security/20061220-opera_9.10_final_bypass_fraud_protection.php"
}
]
}
}

138
2006/7xxx/CVE-2006-7010.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7010",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.joomla.org/content/view/1510/74/",
"refsource" : "CONFIRM",
"url" : "http://www.joomla.org/content/view/1510/74/"
},
{
"name" : "26916",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26916"
},
{
"name" : "20874",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20874"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.joomla.org/content/view/1510/74/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/1510/74/"
},
{
"name": "26916",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26916"
},
{
"name": "20874",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20874"
}
]
}
}

168
2010/2xxx/CVE-2010-2358.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2358",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "13889",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/13889"
},
{
"name" : "http://packetstormsecurity.org/1006-exploits/nakid-rfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1006-exploits/nakid-rfi.txt"
},
{
"name" : "40882",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40882"
},
{
"name" : "40174",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40174"
},
{
"name" : "ADV-2010-1498",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1498"
},
{
"name" : "nakidcms-uploadphoto-file-include(59453)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59453"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "nakidcms-uploadphoto-file-include(59453)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59453"
},
{
"name": "13889",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13889"
},
{
"name": "ADV-2010-1498",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1498"
},
{
"name": "40174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40174"
},
{
"name": "http://packetstormsecurity.org/1006-exploits/nakid-rfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1006-exploits/nakid-rfi.txt"
},
{
"name": "40882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40882"
}
]
}
}

32
2010/2xxx/CVE-2010-2450.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2450",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2450",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2010/2xxx/CVE-2010-2496.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2496",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2496",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2010/2xxx/CVE-2010-2690.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2690",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14126",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14126"
},
{
"name" : "41257",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41257"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14126",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14126"
},
{
"name": "41257",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41257"
}
]
}
}

168
2010/2xxx/CVE-2010-2752.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2752",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100721 ZDI-10-133: Mozilla Firefox CSS font-face Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512514"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-133/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-133/"
},
{
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-39.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-39.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=574059",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=574059"
},
{
"name" : "41852",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41852"
},
{
"name" : "oval:org.mitre.oval:def:11680",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11680"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:11680",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11680"
},
{
"name": "41852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41852"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-133/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-133/"
},
{
"name": "20100721 ZDI-10-133: Mozilla Firefox CSS font-face Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512514"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=574059",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=574059"
},
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-39.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-39.html"
}
]
}
}

178
2010/2xxx/CVE-2010-2873.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2873",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100824 ZDI-10-162: Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/513307/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-162",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-162"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name" : "42682",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42682"
},
{
"name" : "oval:org.mitre.oval:def:12042",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12042"
},
{
"name" : "1024361",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024361"
},
{
"name" : "ADV-2010-2176",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024361",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024361"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:12042",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12042"
},
{
"name": "20100824 ZDI-10-162: Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513307/100/0/threaded"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-162",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-162"
},
{
"name": "42682",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42682"
},
{
"name": "ADV-2010-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}

228
2010/3xxx/CVE-2010-3115.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3115",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=49964",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=49964"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html"
},
{
"name" : "MDVSA-2011:039",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name" : "RHSA-2011:0177",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"name" : "USN-1006-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name" : "44203",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44203"
},
{
"name" : "oval:org.mitre.oval:def:11953",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11953"
},
{
"name" : "41856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41856"
},
{
"name" : "43086",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43086"
},
{
"name" : "ADV-2010-2722",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name" : "ADV-2011-0216",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0216"
},
{
"name" : "ADV-2011-0552",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0552"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "ADV-2010-2722",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=49964",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=49964"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html"
},
{
"name": "USN-1006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "41856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41856"
},
{
"name": "oval:org.mitre.oval:def:11953",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11953"
},
{
"name": "ADV-2011-0216",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0216"
},
{
"name": "43086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43086"
},
{
"name": "44203",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44203"
},
{
"name": "RHSA-2011:0177",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
}
]
}
}

138
2011/0xxx/CVE-2011-0034.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0034",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka \"OpenType Font Stack Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-032",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-032"
},
{
"name" : "TA11-102A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name" : "oval:org.mitre.oval:def:11860",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11860"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka \"OpenType Font Stack Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS11-032",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-032"
},
{
"name": "oval:org.mitre.oval:def:11860",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11860"
},
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
}
]
}
}

138
2011/0xxx/CVE-2011-0231.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0231",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a \"synchronization issue.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5002",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5002"
},
{
"name" : "APPLE-SA-2011-10-12-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name" : "50085",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50085"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a \"synchronization issue.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "50085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50085"
}
]
}
}

32
2011/0xxx/CVE-2011-0934.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0934",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0934",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2011/0xxx/CVE-2011-0953.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0953",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0953",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2011/1xxx/CVE-2011-1028.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1028",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1028",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2011/1xxx/CVE-2011-1224.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1224",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007069",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007069"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014224",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014224"
},
{
"name" : "IZ92813",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1IZ92813"
},
{
"name" : "websphere-mq-cdb-security-bypass(68229)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68229"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27007069",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007069"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014224",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014224"
},
{
"name": "websphere-mq-cdb-security-bypass(68229)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68229"
},
{
"name": "IZ92813",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IZ92813"
}
]
}
}

128
2011/1xxx/CVE-2011-1845.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1845",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple memory leaks in the DataGrid control implementation in Microsoft Silverlight 4 before 4.0.60310.0 allow remote attackers to cause a denial of service (memory consumption) via an application involving (1) subscriptions to an INotifyDataErrorInfo.ErrorsChanged event or (2) a TextBlock or TextBox element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://isc.sans.edu/diary.html?storyid=10747",
"refsource" : "MISC",
"url" : "http://isc.sans.edu/diary.html?storyid=10747"
},
{
"name" : "2526954",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/kb/2526954"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple memory leaks in the DataGrid control implementation in Microsoft Silverlight 4 before 4.0.60310.0 allow remote attackers to cause a denial of service (memory consumption) via an application involving (1) subscriptions to an INotifyDataErrorInfo.ErrorsChanged event or (2) a TextBlock or TextBox element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://isc.sans.edu/diary.html?storyid=10747",
"refsource": "MISC",
"url": "http://isc.sans.edu/diary.html?storyid=10747"
},
{
"name": "2526954",
"refsource": "MSKB",
"url": "http://support.microsoft.com/kb/2526954"
}
]
}
}

148
2011/5xxx/CVE-2011-5082.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5082",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2member_pro_authnet_checkout[coupon] parameter (aka Coupon Code field)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.primothemes.com/forums/viewtopic.php?f=4&t=16173#p56982",
"refsource" : "CONFIRM",
"url" : "http://www.primothemes.com/forums/viewtopic.php?f=4&t=16173#p56982"
},
{
"name" : "51997",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51997"
},
{
"name" : "47954",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47954"
},
{
"name" : "s2memberpro-couponcode-xss(73202)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73202"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2member_pro_authnet_checkout[coupon] parameter (aka Coupon Code field)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47954"
},
{
"name": "51997",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51997"
},
{
"name": "http://www.primothemes.com/forums/viewtopic.php?f=4&t=16173#p56982",
"refsource": "CONFIRM",
"url": "http://www.primothemes.com/forums/viewtopic.php?f=4&t=16173#p56982"
},
{
"name": "s2memberpro-couponcode-xss(73202)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73202"
}
]
}
}

148
2014/3xxx/CVE-2014-3251.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3251",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://puppetlabs.com/security/cve/cve-2014-3251",
"refsource" : "CONFIRM",
"url" : "http://puppetlabs.com/security/cve/cve-2014-3251"
},
{
"name" : "109257",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/109257"
},
{
"name" : "59356",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59356"
},
{
"name" : "60066",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60066"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "109257",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/109257"
},
{
"name": "http://puppetlabs.com/security/cve/cve-2014-3251",
"refsource": "CONFIRM",
"url": "http://puppetlabs.com/security/cve/cve-2014-3251"
},
{
"name": "60066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60066"
},
{
"name": "59356",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59356"
}
]
}
}

128
2014/3xxx/CVE-2014-3489.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3489",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2014:0816",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0816.html"
},
{
"name" : "68299",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68299"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68299",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68299"
},
{
"name": "RHSA-2014:0816",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0816.html"
}
]
}
}

32
2014/3xxx/CVE-2014-3557.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3557",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3557",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2014/3xxx/CVE-2014-3833.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3833",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://owncloud.org/about/security/advisories/oc-sa-2014-010",
"refsource" : "CONFIRM",
"url" : "http://owncloud.org/about/security/advisories/oc-sa-2014-010"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oc-sa-2014-010",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-010"
}
]
}
}

128
2014/6xxx/CVE-2014-6154.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6154",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in IBM Optim Performance Manager for DB2 4.1.0.1 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on Linux, UNIX, and Windows allows remote attackers to access arbitrary files via a .. (dot dot) in a URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696000",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696000"
},
{
"name" : "ibm-optim-cve20146154-directory-traversal(97677)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97677"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in IBM Optim Performance Manager for DB2 4.1.0.1 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on Linux, UNIX, and Windows allows remote attackers to access arbitrary files via a .. (dot dot) in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-optim-cve20146154-directory-traversal(97677)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97677"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21696000",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696000"
}
]
}
}

138
2014/6xxx/CVE-2014-6350.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6350",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2014-6349."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-6350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-065",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065"
},
{
"name" : "70940",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70940"
},
{
"name" : "1031185",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031185"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2014-6349."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031185",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031185"
},
{
"name": "MS14-065",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065"
},
{
"name": "70940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70940"
}
]
}
}

138
2014/7xxx/CVE-2014-7452.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7452",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Shaklee Product Catalog (aka com.wProductCatalog) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#211489",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/211489"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Shaklee Product Catalog (aka com.wProductCatalog) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#211489",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/211489"
}
]
}
}

138
2014/7xxx/CVE-2014-7603.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7603",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Gravey Design (aka com.dreamstep.wGraveyDesign) application 0.58.13357.54919 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#715993",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/715993"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Gravey Design (aka com.dreamstep.wGraveyDesign) application 0.58.13357.54919 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#715993",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/715993"
}
]
}
}

138
2014/7xxx/CVE-2014-7629.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7629",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Yulman Stadium (aka com.dub.app.tulanestadium) application 1.4.25 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#953505",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/953505"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Yulman Stadium (aka com.dub.app.tulanestadium) application 1.4.25 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#953505",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/953505"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

148
2014/7xxx/CVE-2014-7989.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7989",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-7989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141106 Cisco Unified Computing System B-Series Servers Privilege Escalation Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7989"
},
{
"name" : "70969",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70969"
},
{
"name" : "1031178",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031178"
},
{
"name" : "cisco-ucs-cve20147989-priv-esc(98530)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98530"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70969",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70969"
},
{
"name": "1031178",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031178"
},
{
"name": "cisco-ucs-cve20147989-priv-esc(98530)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98530"
},
{
"name": "20141106 Cisco Unified Computing System B-Series Servers Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7989"
}
]
}
}

128
2014/8xxx/CVE-2014-8513.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8513",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
},
{
"name" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01",
"refsource" : "CONFIRM",
"url" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01",
"refsource": "CONFIRM",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01"
}
]
}
}

32
2014/8xxx/CVE-2014-8798.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8798",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8798",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

648
2016/2xxx/CVE-2016-2109.json
View File

@ -1,327 +1,327 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-2109",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807",
"refsource" : "CONFIRM",
"url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807"
},
{
"name" : "https://www.openssl.org/news/secadv/20160503.txt",
"refsource" : "CONFIRM",
"url" : "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202",
"refsource" : "CONFIRM",
"url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10160",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10160"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "https://support.apple.com/HT206903",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT206903"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"name" : "https://bto.bluecoat.com/security-advisory/sa123",
"refsource" : "CONFIRM",
"url" : "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name" : "https://www.tenable.com/security/tns-2016-18",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2016-18"
},
{
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us"
},
{
"name" : "https://source.android.com/security/bulletin/2017-07-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20160504-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "APPLE-SA-2016-07-18-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name" : "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"name" : "DSA-3566",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3566"
},
{
"name" : "FreeBSD-SA-16:17",
"refsource" : "FREEBSD",
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
},
{
"name" : "GLSA-201612-16",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-16"
},
{
"name" : "RHSA-2016:0722",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
},
{
"name" : "RHSA-2016:0996",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
},
{
"name" : "RHSA-2016:2056",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"name" : "RHSA-2016:2073",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
},
{
"name" : "RHSA-2016:2957",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name" : "SSA:2016-124-01",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103"
},
{
"name" : "SUSE-SU-2016:1206",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
},
{
"name" : "SUSE-SU-2016:1228",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
},
{
"name" : "SUSE-SU-2016:1231",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
},
{
"name" : "SUSE-SU-2016:1233",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
},
{
"name" : "openSUSE-SU-2016:1237",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
},
{
"name" : "openSUSE-SU-2016:1238",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
},
{
"name" : "openSUSE-SU-2016:1239",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"name" : "openSUSE-SU-2016:1240",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
},
{
"name" : "openSUSE-SU-2016:1241",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"name" : "SUSE-SU-2016:1267",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
},
{
"name" : "openSUSE-SU-2016:1242",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
},
{
"name" : "openSUSE-SU-2016:1243",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
},
{
"name" : "openSUSE-SU-2016:1273",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
},
{
"name" : "SUSE-SU-2016:1290",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
},
{
"name" : "SUSE-SU-2016:1360",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
},
{
"name" : "USN-2959-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2959-1"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "87940",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/87940"
},
{
"name" : "1035721",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035721"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"name": "SSA:2016-124-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103"
},
{
"name": "RHSA-2016:2056",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"name": "openSUSE-SU-2016:1238",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
},
{
"name": "openSUSE-SU-2016:1242",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "SUSE-SU-2016:1267",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
},
{
"name": "RHSA-2016:2073",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "DSA-3566",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3566"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10160",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10160"
},
{
"name": "openSUSE-SU-2016:1243",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
},
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "GLSA-201612-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name": "SUSE-SU-2016:1228",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
},
{
"name": "1035721",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035721"
},
{
"name": "openSUSE-SU-2016:1239",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"name": "SUSE-SU-2016:1206",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
},
{
"name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "SUSE-SU-2016:1231",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2016:1240",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
},
{
"name": "openSUSE-SU-2016:1241",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "SUSE-SU-2016:1360",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
},
{
"name": "https://www.tenable.com/security/tns-2016-18",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "SUSE-SU-2016:1233",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
},
{
"name": "openSUSE-SU-2016:1237",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
},
{
"name": "RHSA-2016:0996",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20160504-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"name": "https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "SUSE-SU-2016:1290",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
},
{
"name": "openSUSE-SU-2016:1273",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
},
{
"name": "RHSA-2016:2957",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "USN-2959-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2959-1"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "87940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/87940"
},
{
"name": "RHSA-2016:0722",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
},
{
"name": "FreeBSD-SA-16:17",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
},
{
"name": "https://www.openssl.org/news/secadv/20160503.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"name": "https://support.apple.com/HT206903",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206903"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa123",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
}
]
}
}

32
2016/2xxx/CVE-2016-2227.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2227",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2227",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2016/6xxx/CVE-2016-6853.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6853",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on using a specific URL, such script code might get executed. In case of injecting external websites, users might get lured into a phishing scheme. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160913 Open-Xchange Security Advisory 2016-09-13 (2)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/539395/100/0/threaded"
},
{
"name" : "40377",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40377/"
},
{
"name" : "http://packetstormsecurity.com/files/138701/Open-Xchange-Guard-2.4.2-Cross-Site-Scripting.html",
"refsource" : "CONFIRM",
"url" : "http://packetstormsecurity.com/files/138701/Open-Xchange-Guard-2.4.2-Cross-Site-Scripting.html"
},
{
"name" : "92920",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92920"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on using a specific URL, such script code might get executed. In case of injecting external websites, users might get lured into a phishing scheme. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92920",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92920"
},
{
"name": "http://packetstormsecurity.com/files/138701/Open-Xchange-Guard-2.4.2-Cross-Site-Scripting.html",
"refsource": "CONFIRM",
"url": "http://packetstormsecurity.com/files/138701/Open-Xchange-Guard-2.4.2-Cross-Site-Scripting.html"
},
{
"name": "40377",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40377/"
},
{
"name": "20160913 Open-Xchange Security Advisory 2016-09-13 (2)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539395/100/0/threaded"
}
]
}
}

32
2017/1xxx/CVE-2017-1050.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1050",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1050",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2017/1xxx/CVE-2017-1111.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1111",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1111",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2017/1xxx/CVE-2017-1389.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1389",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1389",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

178
2017/5xxx/CVE-2017-5013.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5013",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 56.0.2924.76 for Linux",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 56.0.2924.76 for Linux"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "insufficient policy enforcement"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 56.0.2924.76 for Linux",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 56.0.2924.76 for Linux"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
},
{
"name" : "https://crbug.com/677716",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/677716"
},
{
"name" : "DSA-3776",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3776"
},
{
"name" : "GLSA-201701-66",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-66"
},
{
"name" : "RHSA-2017:0206",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0206.html"
},
{
"name" : "95792",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95792"
},
{
"name" : "1037718",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037718"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95792",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95792"
},
{
"name": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
},
{
"name": "GLSA-201701-66",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-66"
},
{
"name": "RHSA-2017:0206",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0206.html"
},
{
"name": "https://crbug.com/677716",
"refsource": "CONFIRM",
"url": "https://crbug.com/677716"
},
{
"name": "1037718",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037718"
},
{
"name": "DSA-3776",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3776"
}
]
}
}

128
2017/5xxx/CVE-2017-5201.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5201",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://security.netapp.com/advisory/ntap-20170809-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20170809-0001/"
},
{
"name" : "101776",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101776"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101776",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101776"
},
{
"name": "https://security.netapp.com/advisory/ntap-20170809-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20170809-0001/"
}
]
}
}

138
2017/5xxx/CVE-2017-5521.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5521",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41205",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41205/"
},
{
"name" : "http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability",
"refsource" : "CONFIRM",
"url" : "http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability"
},
{
"name" : "95457",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95457"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41205",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41205/"
},
{
"name": "http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability",
"refsource": "CONFIRM",
"url": "http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability"
},
{
"name": "95457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95457"
}
]
}
}

138
2017/5xxx/CVE-2017-5545.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5545",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee",
"refsource" : "CONFIRM",
"url" : "https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee"
},
{
"name" : "https://github.com/libimobiledevice/libplist/issues/87",
"refsource" : "CONFIRM",
"url" : "https://github.com/libimobiledevice/libplist/issues/87"
},
{
"name" : "95702",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95702"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee",
"refsource": "CONFIRM",
"url": "https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee"
},
{
"name": "https://github.com/libimobiledevice/libplist/issues/87",
"refsource": "CONFIRM",
"url": "https://github.com/libimobiledevice/libplist/issues/87"
},
{
"name": "95702",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95702"
}
]
}
}

120
2017/5xxx/CVE-2017-5698.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2017-09-28T00:00:00",
"ID" : "CVE-2017-5698",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology",
"version" : {
"version_data" : [
{
"version_value" : "version 11.0.25.3001 and 11.0.26.3000"
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Escalation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2017-09-28T00:00:00",
"ID": "CVE-2017-5698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology",
"version": {
"version_data": [
{
"version_value": "version 11.0.25.3001 and 11.0.26.3000"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr",
"refsource" : "CONFIRM",
"url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr"
}
]
}
}