admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:19:15 +00:00
parent 44c1d4a4f6
commit 1fa68f5c03
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 4137 additions and 4137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

448
2006/2xxx/CVE-2006-2444.json
View File

@ -1,227 +1,227 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2444",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-2444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.18",
"refsource" : "CONFIRM",
"url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.18"
},
{
"name" : "http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=1db6b5a66e93ff125ab871d6b3f7363412cc87e8",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=1db6b5a66e93ff125ab871d6b3f7363412cc87e8"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm"
},
{
"name" : "DSA-1183",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1183"
},
{
"name" : "DSA-1184",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1184"
},
{
"name" : "MDKSA-2006:087",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:087"
},
{
"name" : "RHSA-2006:0580",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0580.html"
},
{
"name" : "RHSA-2006:0437",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0437.html"
},
{
"name" : "RHSA-2006:0617",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0617.html"
},
{
"name" : "SUSE-SA:2006:042",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_42_kernel.html"
},
{
"name" : "SUSE-SA:2006:047",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_47_kernel.html"
},
{
"name" : "SUSE-SA:2006:064",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_64_kernel.html"
},
{
"name" : "USN-302-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-302-1"
},
{
"name" : "VU#681569",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/681569"
},
{
"name" : "18081",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18081"
},
{
"name" : "oval:org.mitre.oval:def:11318",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11318"
},
{
"name" : "ADV-2006-1916",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1916"
},
{
"name" : "25750",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25750"
},
{
"name" : "1016153",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016153"
},
{
"name" : "20225",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20225"
},
{
"name" : "20182",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20182"
},
{
"name" : "20716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20716"
},
{
"name" : "21035",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21035"
},
{
"name" : "21136",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21136"
},
{
"name" : "21179",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21179"
},
{
"name" : "21605",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21605"
},
{
"name" : "21983",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21983"
},
{
"name" : "22082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22082"
},
{
"name" : "22093",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22093"
},
{
"name" : "22174",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22174"
},
{
"name" : "22822",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22822"
},
{
"name" : "21498",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21498"
},
{
"name" : "linux-snmp-nathelper-dos(26594)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26594"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2006:0437",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0437.html"
},
{
"name": "SUSE-SA:2006:042",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_42_kernel.html"
},
{
"name": "1016153",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016153"
},
{
"name": "RHSA-2006:0617",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0617.html"
},
{
"name": "20716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20716"
},
{
"name": "21605",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21605"
},
{
"name": "SUSE-SA:2006:047",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_47_kernel.html"
},
{
"name": "25750",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25750"
},
{
"name": "21136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21136"
},
{
"name": "DSA-1183",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1183"
},
{
"name": "20182",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20182"
},
{
"name": "USN-302-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-302-1"
},
{
"name": "ADV-2006-1916",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1916"
},
{
"name": "22082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22082"
},
{
"name": "21983",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21983"
},
{
"name": "SUSE-SA:2006:064",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_64_kernel.html"
},
{
"name": "21035",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21035"
},
{
"name": "22174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22174"
},
{
"name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.18",
"refsource": "CONFIRM",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.18"
},
{
"name": "oval:org.mitre.oval:def:11318",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11318"
},
{
"name": "RHSA-2006:0580",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0580.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm"
},
{
"name": "22822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22822"
},
{
"name": "20225",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20225"
},
{
"name": "18081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18081"
},
{
"name": "linux-snmp-nathelper-dos(26594)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26594"
},
{
"name": "21498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21498"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm"
},
{
"name": "VU#681569",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/681569"
},
{
"name": "http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=1db6b5a66e93ff125ab871d6b3f7363412cc87e8",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=1db6b5a66e93ff125ab871d6b3f7363412cc87e8"
},
{
"name": "22093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22093"
},
{
"name": "MDKSA-2006:087",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:087"
},
{
"name": "DSA-1184",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1184"
},
{
"name": "21179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21179"
}
]
}
}

238
2006/2xxx/CVE-2006-2548.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2548",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060522 Prodder Remote Arbitrary Command Execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/434712/100/0/threaded"
},
{
"name" : "20060522 Prodder Remote Arbitrary Command Execution",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0567.html"
},
{
"name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2006-002.php",
"refsource" : "MISC",
"url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2006-002.php"
},
{
"name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2006-003.php",
"refsource" : "MISC",
"url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2006-003.php"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=418189&group_id=148643",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=418189&group_id=148643"
},
{
"name" : "18068",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18068"
},
{
"name" : "ADV-2006-1905",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1905"
},
{
"name" : "25690",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25690"
},
{
"name" : "20208",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20208"
},
{
"name" : "20238",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20238"
},
{
"name" : "942",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/942"
},
{
"name" : "prodder-encurl-command-execution(26568)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26568"
},
{
"name" : "perlpodder-dlset-command-execution(26575)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26575"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "perlpodder-dlset-command-execution(26575)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26575"
},
{
"name": "20060522 Prodder Remote Arbitrary Command Execution",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0567.html"
},
{
"name": "18068",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18068"
},
{
"name": "prodder-encurl-command-execution(26568)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26568"
},
{
"name": "20060522 Prodder Remote Arbitrary Command Execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434712/100/0/threaded"
},
{
"name": "ADV-2006-1905",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1905"
},
{
"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-002.php",
"refsource": "MISC",
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-002.php"
},
{
"name": "25690",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25690"
},
{
"name": "20238",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20238"
},
{
"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-003.php",
"refsource": "MISC",
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-003.php"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=418189&group_id=148643",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=418189&group_id=148643"
},
{
"name": "20208",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20208"
},
{
"name": "942",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/942"
}
]
}
}

138
2006/2xxx/CVE-2006-2577.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2577",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms, (2) where_lms, (3) where_upgrade, (4) BBC_LIB_PATH, and (5) BBC_LANGUAGE_PATH parameters in various unspecified scripts. NOTE: the provenance of some of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "25757",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25757"
},
{
"name" : "20260",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20260"
},
{
"name" : "docebo-multiple-file-include(26633)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26633"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms, (2) where_lms, (3) where_upgrade, (4) BBC_LIB_PATH, and (5) BBC_LANGUAGE_PATH parameters in various unspecified scripts. NOTE: the provenance of some of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25757",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25757"
},
{
"name": "docebo-multiple-file-include(26633)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26633"
},
{
"name": "20260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20260"
}
]
}
}

158
2006/2xxx/CVE-2006-2689.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2689",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an unknown script, probably index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/05/eva-web-212-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/05/eva-web-212-vuln.html"
},
{
"name" : "18161",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18161"
},
{
"name" : "ADV-2006-2048",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2048"
},
{
"name" : "20279",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20279"
},
{
"name" : "evaweb-multiple-xss(26891)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26891"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an unknown script, probably index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20279",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20279"
},
{
"name": "http://pridels0.blogspot.com/2006/05/eva-web-212-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/05/eva-web-212-vuln.html"
},
{
"name": "ADV-2006-2048",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2048"
},
{
"name": "evaweb-multiple-xss(26891)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26891"
},
{
"name": "18161",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18161"
}
]
}
}

158
2006/3xxx/CVE-2006-3005.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3005",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=130889",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=130889"
},
{
"name" : "GLSA-200606-11",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-11.xml"
},
{
"name" : "26317",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26317"
},
{
"name" : "20563",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20563"
},
{
"name" : "jpeg-medialibs-dos(31451)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31451"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200606-11",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-11.xml"
},
{
"name": "20563",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20563"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=130889",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=130889"
},
{
"name": "26317",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26317"
},
{
"name": "jpeg-medialibs-dos(31451)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31451"
}
]
}
}

148
2006/3xxx/CVE-2006-3037.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3037",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ST AdManager Lite allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, (3) article, (4) bio, and (5) name parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060609 ST AdManager Lite v1",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/436657/30/0/threaded"
},
{
"name" : "ADV-2006-2303",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2303"
},
{
"name" : "20598",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20598"
},
{
"name" : "admanager-submit-xss(27161)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27161"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ST AdManager Lite allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, (3) article, (4) bio, and (5) name parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "admanager-submit-xss(27161)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27161"
},
{
"name": "ADV-2006-2303",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2303"
},
{
"name": "20598",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20598"
},
{
"name": "20060609 ST AdManager Lite v1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436657/30/0/threaded"
}
]
}
}

118
2006/3xxx/CVE-2006-3263.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3263",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mamboserver.com/?option=com_content&task=view&id=207",
"refsource" : "CONFIRM",
"url" : "http://www.mamboserver.com/?option=com_content&task=view&id=207"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mamboserver.com/?option=com_content&task=view&id=207",
"refsource": "CONFIRM",
"url": "http://www.mamboserver.com/?option=com_content&task=view&id=207"
}
]
}
}

148
2006/3xxx/CVE-2006-3411.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3411",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tor.eff.org/cvs/tor/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://tor.eff.org/cvs/tor/ChangeLog"
},
{
"name" : "GLSA-200606-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200606-04.xml"
},
{
"name" : "25876",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25876"
},
{
"name" : "20514",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20514"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25876",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25876"
},
{
"name": "20514",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20514"
},
{
"name": "GLSA-200606-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200606-04.xml"
},
{
"name": "http://tor.eff.org/cvs/tor/ChangeLog",
"refsource": "CONFIRM",
"url": "http://tor.eff.org/cvs/tor/ChangeLog"
}
]
}
}

168
2006/4xxx/CVE-2006-4522.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4522",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code with root privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "IY89045",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY89045"
},
{
"name" : "IY89052",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY89052"
},
{
"name" : "19786",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19786"
},
{
"name" : "ADV-2006-3422",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3422"
},
{
"name" : "28275",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28275"
},
{
"name" : "21673",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21673"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code with root privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21673",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21673"
},
{
"name": "28275",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28275"
},
{
"name": "IY89052",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY89052"
},
{
"name": "19786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19786"
},
{
"name": "ADV-2006-3422",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3422"
},
{
"name": "IY89045",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY89045"
}
]
}
}

128
2006/6xxx/CVE-2006-6252.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6252",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of \":D\" sequences, which are interpreted as emoticons."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061124 DoS in Microsoft Windows Live Messenger <= 8.0",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452620/100/0/threaded"
},
{
"name" : "20061125 Re: DoS in Microsoft Windows Live Messenger <= 8.0",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452645/100/0/threaded"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of \":D\" sequences, which are interpreted as emoticons."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061125 Re: DoS in Microsoft Windows Live Messenger <= 8.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452645/100/0/threaded"
},
{
"name": "20061124 DoS in Microsoft Windows Live Messenger <= 8.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452620/100/0/threaded"
}
]
}
}

118
2006/6xxx/CVE-2006-6687.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6687",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "21684",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21684"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21684",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21684"
}
]
}
}

148
2006/6xxx/CVE-2006-6770.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6770",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php, (3) ajax_request.php, and (4) mediabroadcast.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3003",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3003"
},
{
"name" : "21741",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21741"
},
{
"name" : "ADV-2006-5177",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5177"
},
{
"name" : "23501",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23501"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php, (3) ajax_request.php, and (4) mediabroadcast.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21741",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21741"
},
{
"name": "3003",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3003"
},
{
"name": "23501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23501"
},
{
"name": "ADV-2006-5177",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5177"
}
]
}
}

148
2006/6xxx/CVE-2006-6774.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6774",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in socios/maquetacion_socio.php (members/maquetacion_member.php) in Ciberia Content Federator 1.0 allows remote attackers to execute arbitrary PHP code via the path parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3008",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3008"
},
{
"name" : "21757",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21757"
},
{
"name" : "ADV-2006-5180",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5180"
},
{
"name" : "23498",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23498"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in socios/maquetacion_socio.php (members/maquetacion_member.php) in Ciberia Content Federator 1.0 allows remote attackers to execute arbitrary PHP code via the path parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3008",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3008"
},
{
"name": "23498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23498"
},
{
"name": "21757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21757"
},
{
"name": "ADV-2006-5180",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5180"
}
]
}
}

128
2006/7xxx/CVE-2006-7190.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7190",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP before 20060515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the viewnews function, related to use of doubbctopic instead of doubbc."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.web-app.net/cgi-bin/index.cgi?action=downloadinfo&cat=pastversions&id=1",
"refsource" : "CONFIRM",
"url" : "http://www.web-app.net/cgi-bin/index.cgi?action=downloadinfo&cat=pastversions&id=1"
},
{
"name" : "http://www.web-app.net/cgi-bin/index.cgi?action=redirectd&cat=pastversions&id=1",
"refsource" : "CONFIRM",
"url" : "http://www.web-app.net/cgi-bin/index.cgi?action=redirectd&cat=pastversions&id=1"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP before 20060515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the viewnews function, related to use of doubbctopic instead of doubbc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.web-app.net/cgi-bin/index.cgi?action=downloadinfo&cat=pastversions&id=1",
"refsource": "CONFIRM",
"url": "http://www.web-app.net/cgi-bin/index.cgi?action=downloadinfo&cat=pastversions&id=1"
},
{
"name": "http://www.web-app.net/cgi-bin/index.cgi?action=redirectd&cat=pastversions&id=1",
"refsource": "CONFIRM",
"url": "http://www.web-app.net/cgi-bin/index.cgi?action=redirectd&cat=pastversions&id=1"
}
]
}
}

168
2011/0xxx/CVE-2011-0056.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0056",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an \"atom map\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-05.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-05.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=622015",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=622015"
},
{
"name" : "http://downloads.avaya.com/css/P8/documents/100133195",
"refsource" : "CONFIRM",
"url" : "http://downloads.avaya.com/css/P8/documents/100133195"
},
{
"name" : "MDVSA-2011:041",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:041"
},
{
"name" : "46650",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46650"
},
{
"name" : "oval:org.mitre.oval:def:14013",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14013"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an \"atom map\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:14013",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14013"
},
{
"name": "http://downloads.avaya.com/css/P8/documents/100133195",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100133195"
},
{
"name": "MDVSA-2011:041",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:041"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=622015",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=622015"
},
{
"name": "http://www.mozilla.org/security/announce/2011/mfsa2011-05.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-05.html"
},
{
"name": "46650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46650"
}
]
}
}

178
2011/0xxx/CVE-2011-0138.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0138",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4554",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4554"
},
{
"name" : "http://support.apple.com/kb/HT4564",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4564"
},
{
"name" : "http://support.apple.com/kb/HT4566",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4566"
},
{
"name" : "APPLE-SA-2011-03-02-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html"
},
{
"name" : "APPLE-SA-2011-03-09-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name" : "APPLE-SA-2011-03-09-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"name" : "oval:org.mitre.oval:def:17452",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17452"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4564",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4564"
},
{
"name": "http://support.apple.com/kb/HT4566",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4566"
},
{
"name": "APPLE-SA-2011-03-02-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html"
},
{
"name": "APPLE-SA-2011-03-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT4554",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4554"
},
{
"name": "APPLE-SA-2011-03-09-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"name": "oval:org.mitre.oval:def:17452",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17452"
}
]
}
}

158
2011/0xxx/CVE-2011-0551.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0551",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110810_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110810_00"
},
{
"name" : "49101",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49101"
},
{
"name" : "74467",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/74467"
},
{
"name" : "1025919",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025919"
},
{
"name" : "43662",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43662"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1025919",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025919"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110810_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110810_00"
},
{
"name": "43662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43662"
},
{
"name": "49101",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49101"
},
{
"name": "74467",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/74467"
}
]
}
}

158
2011/0xxx/CVE-2011-0716.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0716",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The br_multicast_add_group function in net/bridge/br_multicast.c in the Linux kernel before 2.6.38, when a certain Ethernet bridge configuration is used, allows local users to cause a denial of service (memory corruption and system crash) by sending IGMP packets to a local interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110217 Re: CVE request -- kernel: deficiency in processing igmp host membership reports in br_multicast",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/02/17/2"
},
{
"name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38",
"refsource" : "CONFIRM",
"url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6b0d6a9b4296fa16a28d10d416db7a770fc03287",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6b0d6a9b4296fa16a28d10d416db7a770fc03287"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=678169",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=678169"
},
{
"name" : "https://github.com/torvalds/linux/commit/6b0d6a9b4296fa16a28d10d416db7a770fc03287",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/6b0d6a9b4296fa16a28d10d416db7a770fc03287"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The br_multicast_add_group function in net/bridge/br_multicast.c in the Linux kernel before 2.6.38, when a certain Ethernet bridge configuration is used, allows local users to cause a denial of service (memory corruption and system crash) by sending IGMP packets to a local interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6b0d6a9b4296fa16a28d10d416db7a770fc03287",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6b0d6a9b4296fa16a28d10d416db7a770fc03287"
},
{
"name": "[oss-security] 20110217 Re: CVE request -- kernel: deficiency in processing igmp host membership reports in br_multicast",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/02/17/2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=678169",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=678169"
},
{
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38",
"refsource": "CONFIRM",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38"
},
{
"name": "https://github.com/torvalds/linux/commit/6b0d6a9b4296fa16a28d10d416db7a770fc03287",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/6b0d6a9b4296fa16a28d10d416db7a770fc03287"
}
]
}
}

168
2011/0xxx/CVE-2011-0734.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0734",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a \"tag body\" attack. NOTE: this was originally reported as affecting 9.0.1 CHF1 and earlier."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110128 Vulnerabilities in Adobe ColdFusion",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html"
},
{
"name" : "http://websecurity.com.ua/4879/",
"refsource" : "MISC",
"url" : "http://websecurity.com.ua/4879/"
},
{
"name" : "http://kb2.adobe.com/cps/890/cpsid_89094.html",
"refsource" : "CONFIRM",
"url" : "http://kb2.adobe.com/cps/890/cpsid_89094.html"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-04.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-04.html"
},
{
"name" : "70778",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70778"
},
{
"name" : "1025012",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025012"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a \"tag body\" attack. NOTE: this was originally reported as affecting 9.0.1 CHF1 and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70778",
"refsource": "OSVDB",
"url": "http://osvdb.org/70778"
},
{
"name": "http://websecurity.com.ua/4879/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/4879/"
},
{
"name": "http://kb2.adobe.com/cps/890/cpsid_89094.html",
"refsource": "CONFIRM",
"url": "http://kb2.adobe.com/cps/890/cpsid_89094.html"
},
{
"name": "1025012",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025012"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-04.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html"
},
{
"name": "20110128 Vulnerabilities in Adobe ColdFusion",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html"
}
]
}
}

468
2011/0xxx/CVE-2011-0865.json
View File

@ -1,237 +1,237 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0865",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-0865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100144512",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100144512"
},
{
"name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html"
},
{
"name" : "http://www.ibm.com/developerworks/java/jdk/alerts/",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"name" : "DSA-2311",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2311"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "HPSBUX02697",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=132439520301822&w=2"
},
{
"name" : "SSRT100591",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=132439520301822&w=2"
},
{
"name" : "HPSBMU02797",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "HPSBUX02777",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2"
},
{
"name" : "SSRT100854",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2"
},
{
"name" : "SSRT100867",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "HPSBMU02799",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name" : "MDVSA-2011:126",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:126"
},
{
"name" : "RHSA-2011:0856",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0856.html"
},
{
"name" : "RHSA-2011:0857",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0857.html"
},
{
"name" : "RHSA-2011:0860",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0860.html"
},
{
"name" : "RHSA-2011:0938",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0938.html"
},
{
"name" : "RHSA-2011:1087",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1087.html"
},
{
"name" : "RHSA-2011:1159",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1159.html"
},
{
"name" : "RHSA-2011:1265",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1265.html"
},
{
"name" : "RHSA-2013:1455",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name" : "SUSE-SA:2011:032",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00002.html"
},
{
"name" : "SUSE-SA:2011:030",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html"
},
{
"name" : "SUSE-SA:2011:036",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00022.html"
},
{
"name" : "SUSE-SU-2011:0807",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html"
},
{
"name" : "SUSE-SU-2011:0863",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00001.html"
},
{
"name" : "SUSE-SU-2011:0966",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00025.html"
},
{
"name" : "openSUSE-SU-2011:0633",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html"
},
{
"name" : "TA11-201A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"name" : "oval:org.mitre.oval:def:14081",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14081"
},
{
"name" : "oval:org.mitre.oval:def:14463",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14463"
},
{
"name" : "44818",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44818"
},
{
"name" : "44930",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44930"
},
{
"name" : "49198",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49198"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html"
},
{
"name": "SUSE-SU-2011:0863",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00001.html"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name": "oval:org.mitre.oval:def:14081",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14081"
},
{
"name": "RHSA-2011:1087",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1087.html"
},
{
"name": "TA11-201A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"name": "SUSE-SA:2011:036",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00022.html"
},
{
"name": "DSA-2311",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2311"
},
{
"name": "RHSA-2011:1159",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1159.html"
},
{
"name": "http://support.avaya.com/css/P8/documents/100144512",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100144512"
},
{
"name": "SUSE-SA:2011:032",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00002.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "44818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44818"
},
{
"name": "RHSA-2011:0856",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0856.html"
},
{
"name": "SUSE-SU-2011:0966",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00025.html"
},
{
"name": "RHSA-2011:0938",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0938.html"
},
{
"name": "44930",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44930"
},
{
"name": "oval:org.mitre.oval:def:14463",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14463"
},
{
"name": "SUSE-SA:2011:030",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html"
},
{
"name": "SSRT100591",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132439520301822&w=2"
},
{
"name": "MDVSA-2011:126",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:126"
},
{
"name": "SSRT100867",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "49198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49198"
},
{
"name": "SUSE-SU-2011:0807",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html"
},
{
"name": "openSUSE-SU-2011:0633",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
},
{
"name": "HPSBUX02777",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2"
},
{
"name": "HPSBUX02697",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132439520301822&w=2"
},
{
"name": "SSRT100854",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2"
},
{
"name": "RHSA-2011:1265",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1265.html"
},
{
"name": "RHSA-2011:0860",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0860.html"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "http://www.ibm.com/developerworks/java/jdk/alerts/",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"name": "RHSA-2011:0857",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0857.html"
}
]
}
}

178
2011/1xxx/CVE-2011-1778.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1778",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/libarchive/source/detail?r=3160",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/libarchive/source/detail?r=3160"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=705849",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=705849"
},
{
"name" : "http://support.apple.com/kb/HT5281",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5281"
},
{
"name" : "APPLE-SA-2012-05-09-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name" : "DSA-2413",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2413"
},
{
"name" : "RHSA-2011:1507",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2011-1507.html"
},
{
"name" : "48034",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48034"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48034",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48034"
},
{
"name": "RHSA-2011:1507",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2011-1507.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=705849",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849"
},
{
"name": "http://code.google.com/p/libarchive/source/detail?r=3160",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/libarchive/source/detail?r=3160"
},
{
"name": "DSA-2413",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2413"
},
{
"name": "http://support.apple.com/kb/HT5281",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "APPLE-SA-2012-05-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
}
]
}
}

128
2011/3xxx/CVE-2011-3278.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3278",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted SIP packets to UDP port 5060, aka Bug ID CSCti48483."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-3278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24120",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24120"
},
{
"name" : "20110928 Cisco IOS Software Network Address Translation Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted SIP packets to UDP port 5060, aka Bug ID CSCti48483."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24120",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24120"
},
{
"name": "20110928 Cisco IOS Software Network Address Translation Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml"
}
]
}
}

178
2011/3xxx/CVE-2011-3424.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3424",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Session fixation vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to hijack web sessions via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.tibco.com/multimedia/mft-slingshot_advisory_20110913_tcm8-14340.txt",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/multimedia/mft-slingshot_advisory_20110913_tcm8-14340.txt"
},
{
"name" : "http://www.tibco.com/services/support/advisories/mft-slingshot-advisory_20110913.jsp",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/services/support/advisories/mft-slingshot-advisory_20110913.jsp"
},
{
"name" : "49619",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49619"
},
{
"name" : "75397",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/75397"
},
{
"name" : "1026051",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1026051"
},
{
"name" : "45976",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45976"
},
{
"name" : "managed-file-session-hijacking(69805)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69805"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to hijack web sessions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45976",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45976"
},
{
"name": "http://www.tibco.com/services/support/advisories/mft-slingshot-advisory_20110913.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories/mft-slingshot-advisory_20110913.jsp"
},
{
"name": "http://www.tibco.com/multimedia/mft-slingshot_advisory_20110913_tcm8-14340.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/mft-slingshot_advisory_20110913_tcm8-14340.txt"
},
{
"name": "1026051",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1026051"
},
{
"name": "managed-file-session-hijacking(69805)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69805"
},
{
"name": "75397",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/75397"
},
{
"name": "49619",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49619"
}
]
}
}

138
2011/3xxx/CVE-2011-3779.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3779",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PhpHostBot 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/create_acct.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource" : "MISC",
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PhpHostBot_2.0",
"refsource" : "MISC",
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PhpHostBot_2.0"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PhpHostBot 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/create_acct.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PhpHostBot_2.0",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PhpHostBot_2.0"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}

138
2011/4xxx/CVE-2011-4284.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive information from a myprofile (aka My profile) block by visiting a user-context page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/11/14/1"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=0ab727fb35e5ae1d8316d96c6752ee9ebec4c185",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=0ab727fb35e5ae1d8316d96c6752ee9ebec4c185"
},
{
"name" : "http://moodle.org/mod/forum/discuss.php?d=170010",
"refsource" : "CONFIRM",
"url" : "http://moodle.org/mod/forum/discuss.php?d=170010"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive information from a myprofile (aka My profile) block by visiting a user-context page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/11/14/1"
},
{
"name": "http://moodle.org/mod/forum/discuss.php?d=170010",
"refsource": "CONFIRM",
"url": "http://moodle.org/mod/forum/discuss.php?d=170010"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=0ab727fb35e5ae1d8316d96c6752ee9ebec4c185",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=0ab727fb35e5ae1d8316d96c6752ee9ebec4c185"
}
]
}
}

32
2011/4xxx/CVE-2011-4383.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4383",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-4383",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}

32
2013/5xxx/CVE-2013-5044.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5044",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-5044",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

32
2013/5xxx/CVE-2013-5298.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5298",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5298",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2013/5xxx/CVE-2013-5989.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5989",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5989",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2014/2xxx/CVE-2014-2174.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2174",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local network and allows physically proximate attackers to obtain root privileges via unspecified vectors, aka Bug ID CSCub67651."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150513 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local network and allows physically proximate attackers to obtain root privileges via unspecified vectors, aka Bug ID CSCub67651."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150513 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc"
}
]
}
}

118
2014/2xxx/CVE-2014-2408.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2408",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to the \"Grant Any Object Privilege.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-2408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to the \"Grant Any Object Privilege.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
}
]
}
}

158
2014/2xxx/CVE-2014-2515.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2515",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-2515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140818 ESA-2014-067: EMC Documentum D2 Privilege Escalation Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533161/30/0/threaded"
},
{
"name" : "69275",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69275"
},
{
"name" : "1030740",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030740"
},
{
"name" : "60565",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60565"
},
{
"name" : "emc-documentum-cve20142515-priv-esc(95367)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95367"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69275"
},
{
"name": "emc-documentum-cve20142515-priv-esc(95367)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95367"
},
{
"name": "60565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60565"
},
{
"name": "1030740",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030740"
},
{
"name": "20140818 ESA-2014-067: EMC Documentum D2 Privilege Escalation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533161/30/0/threaded"
}
]
}
}

168
2014/2xxx/CVE-2014-2559.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2559",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change unspecified plugin options via a request to wp-admin/options-general.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140411 CSRF/XSS vulnerability in Twitget 3.3.1 (WordPress plugin)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Apr/172"
},
{
"name" : "http://packetstormsecurity.com/files/126134",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/126134"
},
{
"name" : "https://security.dxw.com/advisories/csrfxss-vulnerability-in-twitget-3-3-1",
"refsource" : "MISC",
"url" : "https://security.dxw.com/advisories/csrfxss-vulnerability-in-twitget-3-3-1"
},
{
"name" : "http://wordpress.org/plugins/twitget/changelog",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/plugins/twitget/changelog"
},
{
"name" : "57892",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57892"
},
{
"name" : "twitget-wordpress-csrf(92391)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92391"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change unspecified plugin options via a request to wp-admin/options-general.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wordpress.org/plugins/twitget/changelog",
"refsource": "CONFIRM",
"url": "http://wordpress.org/plugins/twitget/changelog"
},
{
"name": "57892",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57892"
},
{
"name": "twitget-wordpress-csrf(92391)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92391"
},
{
"name": "http://packetstormsecurity.com/files/126134",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126134"
},
{
"name": "20140411 CSRF/XSS vulnerability in Twitget 3.3.1 (WordPress plugin)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/172"
},
{
"name": "https://security.dxw.com/advisories/csrfxss-vulnerability-in-twitget-3-3-1",
"refsource": "MISC",
"url": "https://security.dxw.com/advisories/csrfxss-vulnerability-in-twitget-3-3-1"
}
]
}
}

32
2014/2xxx/CVE-2014-2694.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2694",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2694",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2014/6xxx/CVE-2014-6089.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6089",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (disrupted system operations) by uploading a file to a protected area."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21684475",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21684475"
},
{
"name" : "IV67358",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358"
},
{
"name" : "IV67581",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581"
},
{
"name" : "ibm-sam-cve20146089-upload(95860)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95860"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (disrupted system operations) by uploading a file to a protected area."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684475",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684475"
},
{
"name": "IV67358",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358"
},
{
"name": "IV67581",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581"
},
{
"name": "ibm-sam-cve20146089-upload(95860)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95860"
}
]
}
}

148
2014/6xxx/CVE-2014-6177.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6177",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote authenticated users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21693381",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21693381"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21693384",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21693384"
},
{
"name" : "IV24386",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24386"
},
{
"name" : "ibm-wsrr-cve20146177-sec-bypass(98492)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98492"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote authenticated users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21693384",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21693384"
},
{
"name": "IV24386",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24386"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21693381",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21693381"
},
{
"name": "ibm-wsrr-cve20146177-sec-bypass(98492)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98492"
}
]
}
}

138
2014/6xxx/CVE-2014-6667.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6667",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The racemotocross (aka com.bossappsmk.racemotocross) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#956145",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/956145"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The racemotocross (aka com.bossappsmk.racemotocross) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#956145",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/956145"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/6xxx/CVE-2014-6694.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6694",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The 5SOS Family Planet (aka uk.co.pixelkicks.fivesos) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#708073",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/708073"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 5SOS Family Planet (aka uk.co.pixelkicks.fivesos) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#708073",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/708073"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/6xxx/CVE-2014-6998.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6998",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PinkFong TV (aka kr.co.smartstudy.pinkfongtv_android_googlemarket) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#113017",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/113017"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PinkFong TV (aka kr.co.smartstudy.pinkfongtv_android_googlemarket) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#113017",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/113017"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

218
2014/7xxx/CVE-2014-7142.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7142",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140909 CVE-Request: squid pinger remote DoS",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q3/539"
},
{
"name" : "[oss-security] 20140916 Re: Re: CVE-Request: squid pinger remote DoS",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q3/613"
},
{
"name" : "[oss-security] 20140922 Re: CVE-Request: squid pinger remote DoS",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q3/626"
},
{
"name" : "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=891268",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=891268"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name" : "SUSE-SU-2016:1996",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name" : "SUSE-SU-2016:2089",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name" : "USN-2422-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-2422-1"
},
{
"name" : "70022",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70022"
},
{
"name" : "60242",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60242"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "60242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60242"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=891268",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=891268"
},
{
"name": "[oss-security] 20140916 Re: Re: CVE-Request: squid pinger remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/613"
},
{
"name": "[oss-security] 20140909 CVE-Request: squid pinger remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/539"
},
{
"name": "70022",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70022"
},
{
"name": "USN-2422-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2422-1"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20140922 Re: CVE-Request: squid pinger remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/626"
}
]
}
}

148
2017/0xxx/CVE-2017-0213.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0213",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows COM",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka \"Windows COM Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-0214."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows COM",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42020",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42020/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213"
},
{
"name" : "98102",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98102"
},
{
"name" : "1038457",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038457"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka \"Windows COM Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-0214."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98102",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98102"
},
{
"name": "42020",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42020/"
},
{
"name": "1038457",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038457"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213"
}
]
}
}

166
2017/0xxx/CVE-2017-0543.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0543",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-6.0"
},
{
"version_value" : "Android-6.0.1"
},
{
"version_value" : "Android-7.0"
},
{
"version_value" : "Android-7.1.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097866."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-6.0"
},
{
"version_value": "Android-6.0.1"
},
{
"version_value": "Android-7.0"
},
{
"version_value": "Android-7.1.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://android.googlesource.com/platform/external/libavc/+/f634481e940421020e52f511c1fb34aac1db4b2f",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/external/libavc/+/f634481e940421020e52f511c1fb34aac1db4b2f"
},
{
"name" : "https://source.android.com/security/bulletin/2017-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name" : "97330",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97330"
},
{
"name" : "1038201",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038201"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097866."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name": "https://android.googlesource.com/platform/external/libavc/+/f634481e940421020e52f511c1fb34aac1db4b2f",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/libavc/+/f634481e940421020e52f511c1fb34aac1db4b2f"
},
{
"name": "97330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97330"
},
{
"name": "1038201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038201"
}
]
}
}

140
2017/0xxx/CVE-2017-0923.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"ID" : "CVE-2017-0923",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "GitLab Community and Enterprise Editions",
"version" : {
"version_data" : [
{
"version_value" : "9.1.0 - 10.1.5 Fixed in 10.1.6"
},
{
"version_value" : "10.2.0 - 10.2.5 Fixed in 10.2.6"
},
{
"version_value" : "10.3.0 - 10.3.3 Fixed in 10.3.4"
}
]
}
}
]
},
"vendor_name" : "GitLab"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2017-0923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab Community and Enterprise Editions",
"version": {
"version_data": [
{
"version_value": "9.1.0 - 10.1.5 Fixed in 10.1.6"
},
{
"version_value": "10.2.0 - 10.2.5 Fixed in 10.2.6"
},
{
"version_value": "10.3.0 - 10.3.3 Fixed in 10.3.4"
}
]
}
}
]
},
"vendor_name": "GitLab"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hackerone.com/reports/293740",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/293740"
},
{
"name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/",
"refsource" : "CONFIRM",
"url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/293740",
"refsource": "MISC",
"url": "https://hackerone.com/reports/293740"
},
{
"name": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/",
"refsource": "CONFIRM",
"url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/"
}
]
}
}

182
2017/1000xxx/CVE-2017-1000101.json
View File

@ -1,94 +1,94 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.316423",
"ID" : "CVE-2017-1000101",
"REQUESTER" : "daniel@haxx.se",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "curl",
"version" : {
"version_data" : [
{
"version_value" : "curl 7.34.0 to and including 7.54.1"
}
]
}
}
]
},
"vendor_name" : "curl"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "buffer overread"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.316423",
"ID": "CVE-2017-1000101",
"REQUESTER": "daniel@haxx.se",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://curl.haxx.se/docs/adv_20170809A.html",
"refsource" : "CONFIRM",
"url" : "https://curl.haxx.se/docs/adv_20170809A.html"
},
{
"name" : "https://support.apple.com/HT208221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208221"
},
{
"name" : "DSA-3992",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3992"
},
{
"name" : "GLSA-201709-14",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-14"
},
{
"name" : "RHSA-2018:3558",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name" : "100249",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100249"
},
{
"name" : "1039117",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039117"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name": "RHSA-2018:3558",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name": "GLSA-201709-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-14"
},
{
"name": "https://curl.haxx.se/docs/adv_20170809A.html",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/docs/adv_20170809A.html"
},
{
"name": "1039117",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039117"
},
{
"name": "100249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100249"
},
{
"name": "DSA-3992",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3992"
}
]
}
}

138
2017/18xxx/CVE-2017-18354.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18354",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=759111",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=759111"
},
{
"name" : "https://github.com/GoogleChrome/rendertron/commit/8d70628c96ae72eff6eebb451d26fc9ed6b58b0e",
"refsource" : "MISC",
"url" : "https://github.com/GoogleChrome/rendertron/commit/8d70628c96ae72eff6eebb451d26fc9ed6b58b0e"
},
{
"name" : "https://github.com/GoogleChrome/rendertron/pull/88",
"refsource" : "MISC",
"url" : "https://github.com/GoogleChrome/rendertron/pull/88"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=759111",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=759111"
},
{
"name": "https://github.com/GoogleChrome/rendertron/commit/8d70628c96ae72eff6eebb451d26fc9ed6b58b0e",
"refsource": "MISC",
"url": "https://github.com/GoogleChrome/rendertron/commit/8d70628c96ae72eff6eebb451d26fc9ed6b58b0e"
},
{
"name": "https://github.com/GoogleChrome/rendertron/pull/88",
"refsource": "MISC",
"url": "https://github.com/GoogleChrome/rendertron/pull/88"
}
]
}
}

140
2017/1xxx/CVE-2017-1236.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-07-05T00:00:00",
"ID" : "CVE-2017-1236",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MQ",
"version" : {
"version_data" : [
{
"version_value" : "9.0.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-05T00:00:00",
"ID": "CVE-2017-1236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MQ",
"version": {
"version_data": [
{
"version_value": "9.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22003510",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22003510"
},
{
"name" : "99505",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99505"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003510",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003510"
},
{
"name": "99505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99505"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124354"
}
]
}
}

264
2017/1xxx/CVE-2017-1489.json
View File

@ -1,135 +1,135 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-08-23T00:00:00",
"ID" : "CVE-2017-1489",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Access Manager for Web",
"version" : {
"version_data" : [
{
"version_value" : "6.1"
},
{
"version_value" : "6.1.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.0.0.2"
},
{
"version_value" : "8.0.0.3"
},
{
"version_value" : "8.0.0.4"
},
{
"version_value" : "8.0.0.5"
},
{
"version_value" : "8.0.0.1"
},
{
"version_value" : "8.0.1"
},
{
"version_value" : "8.0.1.2"
},
{
"version_value" : "8.0.1.3"
},
{
"version_value" : "9.0"
},
{
"version_value" : "9.0.0.1"
},
{
"version_value" : "9.0.1"
},
{
"version_value" : "8.0.1.4"
},
{
"version_value" : "8.0.1.5"
},
{
"version_value" : "9.0.2"
},
{
"version_value" : "9.0.2.1"
},
{
"version_value" : "9.0.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-23T00:00:00",
"ID": "CVE-2017-1489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager for Web",
"version": {
"version_data": [
{
"version_value": "6.1"
},
{
"version_value": "6.1.1"
},
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22006959",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22006959"
},
{
"name" : "100592",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100592"
},
{
"name" : "1039227",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039227"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
},
{
"name": "100592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100592"
},
{
"name": "1039227",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039227"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006959",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
}
]
}
}

32
2017/1xxx/CVE-2017-1636.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1636",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1636",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

136
2017/1xxx/CVE-2017-1696.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-12-18T00:00:00",
"ID" : "CVE-2017-1696",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security QRadar SIEM",
"version" : {
"version_data" : [
{
"version_value" : "7.2"
},
{
"version_value" : "7.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 134178."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-12-18T00:00:00",
"ID": "CVE-2017-1696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security QRadar SIEM",
"version": {
"version_data": [
{
"version_value": "7.2"
},
{
"version_value": "7.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134178",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134178"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22011730",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22011730"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 134178."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134178",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134178"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22011730",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22011730"
}
]
}
}

304
2017/5xxx/CVE-2017-5375.json
View File

@ -1,155 +1,155 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5375",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "45.7"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "45.7"
}
]
}
},
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "51"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Excessive JIT code allocation allows bypass of ASLR and DEP"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "45.7"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "45.7"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "51"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42327",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42327/"
},
{
"name" : "44293",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44293/"
},
{
"name" : "44294",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44294/"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1325200",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1325200"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-01/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-01/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-02/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-02/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-03/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-03/"
},
{
"name" : "DSA-3771",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3771"
},
{
"name" : "DSA-3832",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3832"
},
{
"name" : "GLSA-201702-13",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-13"
},
{
"name" : "GLSA-201702-22",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-22"
},
{
"name" : "RHSA-2017:0190",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
},
{
"name" : "RHSA-2017:0238",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
},
{
"name" : "95757",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95757"
},
{
"name" : "1037693",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037693"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Excessive JIT code allocation allows bypass of ASLR and DEP"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-03/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-02/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
},
{
"name": "GLSA-201702-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-22"
},
{
"name": "42327",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42327/"
},
{
"name": "DSA-3832",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3832"
},
{
"name": "44293",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44293/"
},
{
"name": "GLSA-201702-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-13"
},
{
"name": "DSA-3771",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3771"
},
{
"name": "44294",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44294/"
},
{
"name": "1037693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037693"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-01/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
},
{
"name": "RHSA-2017:0190",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
},
{
"name": "RHSA-2017:0238",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
},
{
"name": "95757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95757"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1325200",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1325200"
}
]
}
}

138
2017/5xxx/CVE-2017-5554.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5554",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the \"Volume Up\" button during device boot, where an attacker with ADB access can issue the adb reboot bootloader command. Then, the attacker can put the platform's SELinux in permissive mode, which severely weakens it, by issuing: fastboot oem selinux permissive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://securityresear.ch/2017/01/11/fastboot-oem-selinux-permissive/",
"refsource" : "MISC",
"url" : "https://securityresear.ch/2017/01/11/fastboot-oem-selinux-permissive/"
},
{
"name" : "https://www.xda-developers.com/oneplus-33t-bootloader-vulnerability-allows-changing-of-selinux-to-permissive-mode-in-fastboot/",
"refsource" : "MISC",
"url" : "https://www.xda-developers.com/oneplus-33t-bootloader-vulnerability-allows-changing-of-selinux-to-permissive-mode-in-fastboot/"
},
{
"name" : "95706",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95706"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the \"Volume Up\" button during device boot, where an attacker with ADB access can issue the adb reboot bootloader command. Then, the attacker can put the platform's SELinux in permissive mode, which severely weakens it, by issuing: fastboot oem selinux permissive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securityresear.ch/2017/01/11/fastboot-oem-selinux-permissive/",
"refsource": "MISC",
"url": "https://securityresear.ch/2017/01/11/fastboot-oem-selinux-permissive/"
},
{
"name": "95706",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95706"
},
{
"name": "https://www.xda-developers.com/oneplus-33t-bootloader-vulnerability-allows-changing-of-selinux-to-permissive-mode-in-fastboot/",
"refsource": "MISC",
"url": "https://www.xda-developers.com/oneplus-33t-bootloader-vulnerability-allows-changing-of-selinux-to-permissive-mode-in-fastboot/"
}
]
}
}

128
2017/5xxx/CVE-2017-5623.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5623",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://alephsecurity.com/vulns/aleph-2017005",
"refsource" : "MISC",
"url" : "https://alephsecurity.com/vulns/aleph-2017005"
},
{
"name" : "97048",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97048"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://alephsecurity.com/vulns/aleph-2017005",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2017005"
},
{
"name": "97048",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97048"
}
]
}
}

118
2017/5xxx/CVE-2017-5901.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5901",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f",
"refsource" : "MISC",
"url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f",
"refsource": "MISC",
"url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
}
]
}
}

32
2017/5xxx/CVE-2017-5920.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5920",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5920",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}